cobaltstrike | a43b64b1f9fdf01c11c9c7a72d8ed2ea45d7d85cf763d813d94677ba10704d05

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-12-2024 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

042492d66978255fd5375575f1f02d01
SHA1

92d2a33cba0a1954fccd6f811298bcb4eedff377
SHA256

a43b64b1f9fdf01c11c9c7a72d8ed2ea45d7d85cf763d813d94677ba10704d05
SHA512

223fe35b93c31eb79ef8bb78387d6b24d35bbf0a630bd741ac90a2cc0308e98eca91119a1a6147af5f1b153997311be4c6f746ab1cae27fc3572a1b16c1c5fb3
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUd:eOl56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193d9-7.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193df-16.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019401-22.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019403-33.dat	cobalt_reflective_dll
behavioral1/files/0x00350000000193be-49.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001942f-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019441-54.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001947e-62.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001967d-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998a-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c43-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c48-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c4a-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c63-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d2d-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a078-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a441-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a443-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43d-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43f-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a354-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a311-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b3-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08b-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fc9-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019faf-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc1-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d54-122.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1876-0-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x00070000000193d9-7.dat	xmrig
behavioral1/memory/2816-12-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/1876-6-0x00000000021C0000-0x0000000002514000-memory.dmp	xmrig
behavioral1/files/0x00060000000193df-16.dat	xmrig
behavioral1/memory/2108-21-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x0006000000019401-22.dat	xmrig
behavioral1/memory/2748-28-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/3016-36-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/1876-34-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0006000000019403-33.dat	xmrig
behavioral1/files/0x00350000000193be-49.dat	xmrig
behavioral1/memory/2620-52-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2816-41-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/1004-53-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/1876-48-0x00000000021C0000-0x0000000002514000-memory.dmp	xmrig
behavioral1/files/0x000600000001942f-47.dat	xmrig
behavioral1/memory/2792-46-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019441-54.dat	xmrig
behavioral1/memory/1876-57-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2108-55-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/1368-61-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x000700000001947e-62.dat	xmrig
behavioral1/memory/1876-64-0x00000000021C0000-0x0000000002514000-memory.dmp	xmrig
behavioral1/memory/2748-63-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x000600000001967d-70.dat	xmrig
behavioral1/memory/1080-75-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/3016-73-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/1748-69-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000196be-77.dat	xmrig
behavioral1/memory/2160-83-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1876-82-0x00000000021C0000-0x0000000002514000-memory.dmp	xmrig
behavioral1/memory/1876-78-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x00050000000196f6-85.dat	xmrig
behavioral1/files/0x000500000001998a-89.dat	xmrig
behavioral1/files/0x0005000000019c43-96.dat	xmrig
behavioral1/files/0x0005000000019c48-103.dat	xmrig
behavioral1/files/0x0005000000019c4a-107.dat	xmrig
behavioral1/files/0x0005000000019c63-112.dat	xmrig
behavioral1/files/0x0005000000019d2d-117.dat	xmrig
behavioral1/files/0x0005000000019db5-127.dat	xmrig
behavioral1/files/0x000500000001a078-147.dat	xmrig
behavioral1/files/0x000500000001a441-180.dat	xmrig
behavioral1/memory/1840-681-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/1876-695-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/1080-1231-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2160-1583-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1368-790-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/912-690-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2292-682-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x000500000001a443-187.dat	xmrig
behavioral1/files/0x000500000001a43d-173.dat	xmrig
behavioral1/files/0x000500000001a43f-176.dat	xmrig
behavioral1/files/0x000500000001a354-167.dat	xmrig
behavioral1/files/0x000500000001a311-162.dat	xmrig
behavioral1/files/0x000500000001a0b3-157.dat	xmrig
behavioral1/files/0x000500000001a08b-152.dat	xmrig
behavioral1/files/0x0005000000019fc9-142.dat	xmrig
behavioral1/files/0x0005000000019faf-137.dat	xmrig
behavioral1/files/0x0005000000019dc1-132.dat	xmrig
behavioral1/files/0x0005000000019d54-122.dat	xmrig
behavioral1/memory/2816-3501-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2792-3520-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2816	eJPjJeX.exe
2792	XXHuwSJ.exe
2108	VLsjtym.exe
2748	JkHIWyh.exe
3016	PCHLaDJ.exe
2620	QCmUWkO.exe
1004	hNyhaVL.exe
1368	PLnxeLU.exe
1748	ZNQRDXN.exe
1080	caOPHXZ.exe
2160	oTqtQII.exe
1840	FDDHLAZ.exe
2292	ngKsCoU.exe
912	ALaZhrb.exe
2028	XjvQTtc.exe
800	ohKVwOd.exe
1664	jSNyArj.exe
2840	bEqrSZU.exe
1988	cIkDhrZ.exe
480	MMnEWmD.exe
1828	eFzUFDY.exe
1348	iLOVCGX.exe
2196	DXQjKCw.exe
2052	TjFNrYy.exe
2364	qinhxen.exe
2764	LLebJqe.exe
2164	czXonEX.exe
1068	mIaEQrk.exe
2156	gloerFk.exe
848	rxcPCGN.exe
944	UcQBsYG.exe
1268	BuUZyWE.exe
820	thKTPGt.exe
2628	aZjTUDI.exe
1848	cDMbuJb.exe
2732	euMuWvk.exe
828	FOonMls.exe
1752	ZsLSnbb.exe
1784	MwJgmXq.exe
1712	uKgXBXX.exe
2512	CkBSjQe.exe
2304	hDqwdDA.exe
2332	yXfjyrY.exe
3036	UqmGWNK.exe
2296	rlDDCJZ.exe
1744	TLMxicA.exe
2484	COGtXrJ.exe
2248	sTFaZmM.exe
2436	NabpQGu.exe
2168	rosMHmK.exe
672	AUTZtrE.exe
776	ZusWKGF.exe
2356	TFmOEFU.exe
2064	agKejlu.exe
1588	BELzzGl.exe
2776	zycIYUn.exe
2800	dkqhEHq.exe
2772	GxEKvOO.exe
2664	JPdsgin.exe
2812	ejDHWQy.exe
2572	ktEiVla.exe
2680	JCOzzNS.exe
2988	GhWUYRS.exe
3020	CwiFEDY.exe

Loads dropped DLL 64 IoCs

pid	Process
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1876-0-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x00070000000193d9-7.dat	upx
behavioral1/memory/2816-12-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/1876-6-0x00000000021C0000-0x0000000002514000-memory.dmp	upx
behavioral1/files/0x00060000000193df-16.dat	upx
behavioral1/memory/2108-21-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x0006000000019401-22.dat	upx
behavioral1/memory/2748-28-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/3016-36-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/1876-34-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0006000000019403-33.dat	upx
behavioral1/files/0x00350000000193be-49.dat	upx
behavioral1/memory/2620-52-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2816-41-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/1004-53-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x000600000001942f-47.dat	upx
behavioral1/memory/2792-46-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0007000000019441-54.dat	upx
behavioral1/memory/2108-55-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/1368-61-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x000700000001947e-62.dat	upx
behavioral1/memory/2748-63-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x000600000001967d-70.dat	upx
behavioral1/memory/1080-75-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/3016-73-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/1748-69-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x00050000000196be-77.dat	upx
behavioral1/memory/2160-83-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x00050000000196f6-85.dat	upx
behavioral1/files/0x000500000001998a-89.dat	upx
behavioral1/files/0x0005000000019c43-96.dat	upx
behavioral1/files/0x0005000000019c48-103.dat	upx
behavioral1/files/0x0005000000019c4a-107.dat	upx
behavioral1/files/0x0005000000019c63-112.dat	upx
behavioral1/files/0x0005000000019d2d-117.dat	upx
behavioral1/files/0x0005000000019db5-127.dat	upx
behavioral1/files/0x000500000001a078-147.dat	upx
behavioral1/files/0x000500000001a441-180.dat	upx
behavioral1/memory/1840-681-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/1080-1231-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2160-1583-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/1368-790-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/912-690-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2292-682-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x000500000001a443-187.dat	upx
behavioral1/files/0x000500000001a43d-173.dat	upx
behavioral1/files/0x000500000001a43f-176.dat	upx
behavioral1/files/0x000500000001a354-167.dat	upx
behavioral1/files/0x000500000001a311-162.dat	upx
behavioral1/files/0x000500000001a0b3-157.dat	upx
behavioral1/files/0x000500000001a08b-152.dat	upx
behavioral1/files/0x0005000000019fc9-142.dat	upx
behavioral1/files/0x0005000000019faf-137.dat	upx
behavioral1/files/0x0005000000019dc1-132.dat	upx
behavioral1/files/0x0005000000019d54-122.dat	upx
behavioral1/memory/2816-3501-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2792-3520-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2108-3597-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2748-3599-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/3016-3601-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2620-3820-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/1368-3823-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/1004-3856-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SAPFvUF.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzpezNq.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zhjrjjm.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZPCfYV.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jltwNLc.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohKVwOd.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Dayvkks.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVIGDdM.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EanOwHT.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjdpxbq.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjrdDDV.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMAYhME.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFtQkrB.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTxHzDC.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaAwDwp.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPbpEfI.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPdsgin.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzQrBDh.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaIYAJe.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctZqMwd.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrrblJP.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvvAvtQ.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Bvxruak.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFHpxtY.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhjcSnr.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJVJlCC.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwMrNxG.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcOlXKZ.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\apqRuLP.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWVCpPZ.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAbEANC.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKcmRRy.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhweFHp.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RZqQYYe.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULSDoxE.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQVVsfL.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZVKSgU.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFkljsh.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhYdOLj.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rApTIIt.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GvWgJrW.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNgxKOh.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yAKxFqU.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISWDOQU.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkVxXQr.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRJjMtQ.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svaIFmF.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWOFlMH.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSeARKh.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpLOQCE.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbeFAxP.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BoPTtka.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VoqpXzJ.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UdduivM.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUTZtrE.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOdjeAQ.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsRWVMc.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vruXrjp.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAnAvQz.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhOTeMS.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdhKDRr.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIwNGUk.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UycCqkn.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmWkyXq.exe	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2792	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1876 wrote to memory of 2792	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1876 wrote to memory of 2792	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1876 wrote to memory of 2816	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1876 wrote to memory of 2816	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1876 wrote to memory of 2816	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1876 wrote to memory of 2108	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1876 wrote to memory of 2108	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1876 wrote to memory of 2108	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1876 wrote to memory of 2748	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1876 wrote to memory of 2748	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1876 wrote to memory of 2748	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1876 wrote to memory of 3016	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1876 wrote to memory of 3016	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1876 wrote to memory of 3016	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1876 wrote to memory of 2620	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1876 wrote to memory of 2620	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1876 wrote to memory of 2620	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1876 wrote to memory of 1004	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1876 wrote to memory of 1004	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1876 wrote to memory of 1004	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1876 wrote to memory of 1368	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1876 wrote to memory of 1368	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1876 wrote to memory of 1368	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1876 wrote to memory of 1748	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1876 wrote to memory of 1748	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1876 wrote to memory of 1748	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1876 wrote to memory of 1080	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1876 wrote to memory of 1080	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1876 wrote to memory of 1080	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1876 wrote to memory of 2160	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1876 wrote to memory of 2160	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1876 wrote to memory of 2160	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1876 wrote to memory of 1840	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1876 wrote to memory of 1840	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1876 wrote to memory of 1840	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1876 wrote to memory of 2292	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1876 wrote to memory of 2292	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1876 wrote to memory of 2292	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1876 wrote to memory of 912	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1876 wrote to memory of 912	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1876 wrote to memory of 912	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1876 wrote to memory of 2028	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1876 wrote to memory of 2028	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1876 wrote to memory of 2028	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1876 wrote to memory of 800	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1876 wrote to memory of 800	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1876 wrote to memory of 800	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1876 wrote to memory of 1664	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1876 wrote to memory of 1664	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1876 wrote to memory of 1664	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1876 wrote to memory of 2840	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1876 wrote to memory of 2840	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1876 wrote to memory of 2840	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1876 wrote to memory of 1988	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1876 wrote to memory of 1988	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1876 wrote to memory of 1988	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1876 wrote to memory of 480	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1876 wrote to memory of 480	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1876 wrote to memory of 480	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1876 wrote to memory of 1828	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1876 wrote to memory of 1828	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1876 wrote to memory of 1828	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1876 wrote to memory of 1348	1876	2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-18_042492d66978255fd5375575f1f02d01_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\System\XXHuwSJ.exe
  C:\Windows\System\XXHuwSJ.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\eJPjJeX.exe
  C:\Windows\System\eJPjJeX.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\VLsjtym.exe
  C:\Windows\System\VLsjtym.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\JkHIWyh.exe
  C:\Windows\System\JkHIWyh.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\PCHLaDJ.exe
  C:\Windows\System\PCHLaDJ.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\QCmUWkO.exe
  C:\Windows\System\QCmUWkO.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\hNyhaVL.exe
  C:\Windows\System\hNyhaVL.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\PLnxeLU.exe
  C:\Windows\System\PLnxeLU.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\ZNQRDXN.exe
  C:\Windows\System\ZNQRDXN.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\caOPHXZ.exe
  C:\Windows\System\caOPHXZ.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\oTqtQII.exe
  C:\Windows\System\oTqtQII.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\FDDHLAZ.exe
  C:\Windows\System\FDDHLAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\ngKsCoU.exe
  C:\Windows\System\ngKsCoU.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\ALaZhrb.exe
  C:\Windows\System\ALaZhrb.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\XjvQTtc.exe
  C:\Windows\System\XjvQTtc.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\ohKVwOd.exe
  C:\Windows\System\ohKVwOd.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\jSNyArj.exe
  C:\Windows\System\jSNyArj.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\bEqrSZU.exe
  C:\Windows\System\bEqrSZU.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\cIkDhrZ.exe
  C:\Windows\System\cIkDhrZ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\MMnEWmD.exe
  C:\Windows\System\MMnEWmD.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\eFzUFDY.exe
  C:\Windows\System\eFzUFDY.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\iLOVCGX.exe
  C:\Windows\System\iLOVCGX.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\DXQjKCw.exe
  C:\Windows\System\DXQjKCw.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\TjFNrYy.exe
  C:\Windows\System\TjFNrYy.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\qinhxen.exe
  C:\Windows\System\qinhxen.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\LLebJqe.exe
  C:\Windows\System\LLebJqe.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\czXonEX.exe
  C:\Windows\System\czXonEX.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\mIaEQrk.exe
  C:\Windows\System\mIaEQrk.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\gloerFk.exe
  C:\Windows\System\gloerFk.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\rxcPCGN.exe
  C:\Windows\System\rxcPCGN.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\UcQBsYG.exe
  C:\Windows\System\UcQBsYG.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\BuUZyWE.exe
  C:\Windows\System\BuUZyWE.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\thKTPGt.exe
  C:\Windows\System\thKTPGt.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\aZjTUDI.exe
  C:\Windows\System\aZjTUDI.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\cDMbuJb.exe
  C:\Windows\System\cDMbuJb.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\euMuWvk.exe
  C:\Windows\System\euMuWvk.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\FOonMls.exe
  C:\Windows\System\FOonMls.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\ZsLSnbb.exe
  C:\Windows\System\ZsLSnbb.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\MwJgmXq.exe
  C:\Windows\System\MwJgmXq.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\uKgXBXX.exe
  C:\Windows\System\uKgXBXX.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\CkBSjQe.exe
  C:\Windows\System\CkBSjQe.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\hDqwdDA.exe
  C:\Windows\System\hDqwdDA.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\yXfjyrY.exe
  C:\Windows\System\yXfjyrY.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\UqmGWNK.exe
  C:\Windows\System\UqmGWNK.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\rlDDCJZ.exe
  C:\Windows\System\rlDDCJZ.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\TLMxicA.exe
  C:\Windows\System\TLMxicA.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\COGtXrJ.exe
  C:\Windows\System\COGtXrJ.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\sTFaZmM.exe
  C:\Windows\System\sTFaZmM.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\NabpQGu.exe
  C:\Windows\System\NabpQGu.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\rosMHmK.exe
  C:\Windows\System\rosMHmK.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\AUTZtrE.exe
  C:\Windows\System\AUTZtrE.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\ZusWKGF.exe
  C:\Windows\System\ZusWKGF.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\TFmOEFU.exe
  C:\Windows\System\TFmOEFU.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\agKejlu.exe
  C:\Windows\System\agKejlu.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\BELzzGl.exe
  C:\Windows\System\BELzzGl.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\zycIYUn.exe
  C:\Windows\System\zycIYUn.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\dkqhEHq.exe
  C:\Windows\System\dkqhEHq.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\GxEKvOO.exe
  C:\Windows\System\GxEKvOO.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\JPdsgin.exe
  C:\Windows\System\JPdsgin.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ejDHWQy.exe
  C:\Windows\System\ejDHWQy.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\ktEiVla.exe
  C:\Windows\System\ktEiVla.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\JCOzzNS.exe
  C:\Windows\System\JCOzzNS.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\GhWUYRS.exe
  C:\Windows\System\GhWUYRS.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\CwiFEDY.exe
  C:\Windows\System\CwiFEDY.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\PJFKziH.exe
  C:\Windows\System\PJFKziH.exe
  2⤵
  PID:2688
- C:\Windows\System\fqQCIlx.exe
  C:\Windows\System\fqQCIlx.exe
  2⤵
  PID:1692
- C:\Windows\System\EGwdDsY.exe
  C:\Windows\System\EGwdDsY.exe
  2⤵
  PID:1328
- C:\Windows\System\DPkabSM.exe
  C:\Windows\System\DPkabSM.exe
  2⤵
  PID:652
- C:\Windows\System\zMytAJL.exe
  C:\Windows\System\zMytAJL.exe
  2⤵
  PID:1288
- C:\Windows\System\pwMrNxG.exe
  C:\Windows\System\pwMrNxG.exe
  2⤵
  PID:2864
- C:\Windows\System\kWPwzBZ.exe
  C:\Windows\System\kWPwzBZ.exe
  2⤵
  PID:1516
- C:\Windows\System\OXNRfWk.exe
  C:\Windows\System\OXNRfWk.exe
  2⤵
  PID:1808
- C:\Windows\System\zCKuqVi.exe
  C:\Windows\System\zCKuqVi.exe
  2⤵
  PID:112
- C:\Windows\System\QNWojZJ.exe
  C:\Windows\System\QNWojZJ.exe
  2⤵
  PID:1344
- C:\Windows\System\hOdjeAQ.exe
  C:\Windows\System\hOdjeAQ.exe
  2⤵
  PID:2200
- C:\Windows\System\ZLznaxz.exe
  C:\Windows\System\ZLznaxz.exe
  2⤵
  PID:1040
- C:\Windows\System\FSbFeKK.exe
  C:\Windows\System\FSbFeKK.exe
  2⤵
  PID:3048
- C:\Windows\System\SPHXlap.exe
  C:\Windows\System\SPHXlap.exe
  2⤵
  PID:2956
- C:\Windows\System\adfxxCi.exe
  C:\Windows\System\adfxxCi.exe
  2⤵
  PID:1140
- C:\Windows\System\DAsQuft.exe
  C:\Windows\System\DAsQuft.exe
  2⤵
  PID:1528
- C:\Windows\System\noThqTA.exe
  C:\Windows\System\noThqTA.exe
  2⤵
  PID:1768
- C:\Windows\System\jtKxHFH.exe
  C:\Windows\System\jtKxHFH.exe
  2⤵
  PID:2212
- C:\Windows\System\DplbvoC.exe
  C:\Windows\System\DplbvoC.exe
  2⤵
  PID:1540
- C:\Windows\System\QNmomwK.exe
  C:\Windows\System\QNmomwK.exe
  2⤵
  PID:1792
- C:\Windows\System\bmoJDhK.exe
  C:\Windows\System\bmoJDhK.exe
  2⤵
  PID:1936
- C:\Windows\System\jdQvncd.exe
  C:\Windows\System\jdQvncd.exe
  2⤵
  PID:1684
- C:\Windows\System\nlbWWbF.exe
  C:\Windows\System\nlbWWbF.exe
  2⤵
  PID:2872
- C:\Windows\System\IsRWVMc.exe
  C:\Windows\System\IsRWVMc.exe
  2⤵
  PID:1956
- C:\Windows\System\ZsmKUyZ.exe
  C:\Windows\System\ZsmKUyZ.exe
  2⤵
  PID:2216
- C:\Windows\System\bcOlXKZ.exe
  C:\Windows\System\bcOlXKZ.exe
  2⤵
  PID:1456
- C:\Windows\System\xIOTzVt.exe
  C:\Windows\System\xIOTzVt.exe
  2⤵
  PID:2940
- C:\Windows\System\OxQlaZC.exe
  C:\Windows\System\OxQlaZC.exe
  2⤵
  PID:3052
- C:\Windows\System\gvLzUMP.exe
  C:\Windows\System\gvLzUMP.exe
  2⤵
  PID:2460
- C:\Windows\System\apqRuLP.exe
  C:\Windows\System\apqRuLP.exe
  2⤵
  PID:2728
- C:\Windows\System\LFTxlOH.exe
  C:\Windows\System\LFTxlOH.exe
  2⤵
  PID:2784
- C:\Windows\System\qwgWZnA.exe
  C:\Windows\System\qwgWZnA.exe
  2⤵
  PID:1592
- C:\Windows\System\fQXgFhT.exe
  C:\Windows\System\fQXgFhT.exe
  2⤵
  PID:2668
- C:\Windows\System\KVjHgWL.exe
  C:\Windows\System\KVjHgWL.exe
  2⤵
  PID:2708
- C:\Windows\System\xoDahXF.exe
  C:\Windows\System\xoDahXF.exe
  2⤵
  PID:2704
- C:\Windows\System\qsYNVeW.exe
  C:\Windows\System\qsYNVeW.exe
  2⤵
  PID:2604
- C:\Windows\System\uxhRzVc.exe
  C:\Windows\System\uxhRzVc.exe
  2⤵
  PID:2128
- C:\Windows\System\IfAaRfy.exe
  C:\Windows\System\IfAaRfy.exe
  2⤵
  PID:2584
- C:\Windows\System\HRHxsEI.exe
  C:\Windows\System\HRHxsEI.exe
  2⤵
  PID:1624
- C:\Windows\System\gWZpWSw.exe
  C:\Windows\System\gWZpWSw.exe
  2⤵
  PID:2648
- C:\Windows\System\QAHZLjJ.exe
  C:\Windows\System\QAHZLjJ.exe
  2⤵
  PID:2032
- C:\Windows\System\eUAAaML.exe
  C:\Windows\System\eUAAaML.exe
  2⤵
  PID:1120
- C:\Windows\System\ErztefC.exe
  C:\Windows\System\ErztefC.exe
  2⤵
  PID:2184
- C:\Windows\System\jKTRiKt.exe
  C:\Windows\System\jKTRiKt.exe
  2⤵
  PID:444
- C:\Windows\System\oBHuubA.exe
  C:\Windows\System\oBHuubA.exe
  2⤵
  PID:1820
- C:\Windows\System\NmeVDsE.exe
  C:\Windows\System\NmeVDsE.exe
  2⤵
  PID:1708
- C:\Windows\System\rBAGwfL.exe
  C:\Windows\System\rBAGwfL.exe
  2⤵
  PID:2432
- C:\Windows\System\RHNpFlP.exe
  C:\Windows\System\RHNpFlP.exe
  2⤵
  PID:1980
- C:\Windows\System\TSUNVda.exe
  C:\Windows\System\TSUNVda.exe
  2⤵
  PID:1452
- C:\Windows\System\GEUDwmW.exe
  C:\Windows\System\GEUDwmW.exe
  2⤵
  PID:1028
- C:\Windows\System\SAPFvUF.exe
  C:\Windows\System\SAPFvUF.exe
  2⤵
  PID:3024
- C:\Windows\System\fZVKSgU.exe
  C:\Windows\System\fZVKSgU.exe
  2⤵
  PID:2084
- C:\Windows\System\iEELjVF.exe
  C:\Windows\System\iEELjVF.exe
  2⤵
  PID:2124
- C:\Windows\System\VvvAvtQ.exe
  C:\Windows\System\VvvAvtQ.exe
  2⤵
  PID:2100
- C:\Windows\System\FKuooAE.exe
  C:\Windows\System\FKuooAE.exe
  2⤵
  PID:2768
- C:\Windows\System\XScGGTx.exe
  C:\Windows\System\XScGGTx.exe
  2⤵
  PID:548
- C:\Windows\System\wiKUXDY.exe
  C:\Windows\System\wiKUXDY.exe
  2⤵
  PID:2820
- C:\Windows\System\bjpfyNP.exe
  C:\Windows\System\bjpfyNP.exe
  2⤵
  PID:2560
- C:\Windows\System\vdhKDRr.exe
  C:\Windows\System\vdhKDRr.exe
  2⤵
  PID:1700
- C:\Windows\System\vjJdlHs.exe
  C:\Windows\System\vjJdlHs.exe
  2⤵
  PID:1488
- C:\Windows\System\LSGJycX.exe
  C:\Windows\System\LSGJycX.exe
  2⤵
  PID:2780
- C:\Windows\System\UyxstfR.exe
  C:\Windows\System\UyxstfR.exe
  2⤵
  PID:1324
- C:\Windows\System\fJkcXJL.exe
  C:\Windows\System\fJkcXJL.exe
  2⤵
  PID:532
- C:\Windows\System\ovsSJqb.exe
  C:\Windows\System\ovsSJqb.exe
  2⤵
  PID:1804
- C:\Windows\System\HzQrBDh.exe
  C:\Windows\System\HzQrBDh.exe
  2⤵
  PID:2952
- C:\Windows\System\jIcTscg.exe
  C:\Windows\System\jIcTscg.exe
  2⤵
  PID:2712
- C:\Windows\System\EeUGuGO.exe
  C:\Windows\System\EeUGuGO.exe
  2⤵
  PID:1644
- C:\Windows\System\lveNVky.exe
  C:\Windows\System\lveNVky.exe
  2⤵
  PID:376
- C:\Windows\System\pYAeJTZ.exe
  C:\Windows\System\pYAeJTZ.exe
  2⤵
  PID:2736
- C:\Windows\System\qxTaWgp.exe
  C:\Windows\System\qxTaWgp.exe
  2⤵
  PID:2796
- C:\Windows\System\LiybCmJ.exe
  C:\Windows\System\LiybCmJ.exe
  2⤵
  PID:904
- C:\Windows\System\HxKdQoR.exe
  C:\Windows\System\HxKdQoR.exe
  2⤵
  PID:2720
- C:\Windows\System\tGNbaJz.exe
  C:\Windows\System\tGNbaJz.exe
  2⤵
  PID:1732
- C:\Windows\System\rDxUbvG.exe
  C:\Windows\System\rDxUbvG.exe
  2⤵
  PID:2440
- C:\Windows\System\wPPYRCw.exe
  C:\Windows\System\wPPYRCw.exe
  2⤵
  PID:2224
- C:\Windows\System\oalAvzU.exe
  C:\Windows\System\oalAvzU.exe
  2⤵
  PID:1572
- C:\Windows\System\tFSxeYy.exe
  C:\Windows\System\tFSxeYy.exe
  2⤵
  PID:1636
- C:\Windows\System\FuRSMXl.exe
  C:\Windows\System\FuRSMXl.exe
  2⤵
  PID:2348
- C:\Windows\System\RXHDRdI.exe
  C:\Windows\System\RXHDRdI.exe
  2⤵
  PID:2252
- C:\Windows\System\FJxlxYK.exe
  C:\Windows\System\FJxlxYK.exe
  2⤵
  PID:2692
- C:\Windows\System\ctWljss.exe
  C:\Windows\System\ctWljss.exe
  2⤵
  PID:2760
- C:\Windows\System\tYdeDhP.exe
  C:\Windows\System\tYdeDhP.exe
  2⤵
  PID:2208
- C:\Windows\System\EYhNpRP.exe
  C:\Windows\System\EYhNpRP.exe
  2⤵
  PID:3028
- C:\Windows\System\seecytt.exe
  C:\Windows\System\seecytt.exe
  2⤵
  PID:2136
- C:\Windows\System\nJPgUjd.exe
  C:\Windows\System\nJPgUjd.exe
  2⤵
  PID:1772
- C:\Windows\System\BmIdHQz.exe
  C:\Windows\System\BmIdHQz.exe
  2⤵
  PID:3084
- C:\Windows\System\HPGppOF.exe
  C:\Windows\System\HPGppOF.exe
  2⤵
  PID:3108
- C:\Windows\System\UPQxznC.exe
  C:\Windows\System\UPQxznC.exe
  2⤵
  PID:3124
- C:\Windows\System\YRXMADV.exe
  C:\Windows\System\YRXMADV.exe
  2⤵
  PID:3148
- C:\Windows\System\JXNaVCk.exe
  C:\Windows\System\JXNaVCk.exe
  2⤵
  PID:3168
- C:\Windows\System\vunYcmn.exe
  C:\Windows\System\vunYcmn.exe
  2⤵
  PID:3188
- C:\Windows\System\jtrSrhW.exe
  C:\Windows\System\jtrSrhW.exe
  2⤵
  PID:3204
- C:\Windows\System\iOFXOaQ.exe
  C:\Windows\System\iOFXOaQ.exe
  2⤵
  PID:3228
- C:\Windows\System\ZBCsMNs.exe
  C:\Windows\System\ZBCsMNs.exe
  2⤵
  PID:3248
- C:\Windows\System\mDgtrEQ.exe
  C:\Windows\System\mDgtrEQ.exe
  2⤵
  PID:3268
- C:\Windows\System\JUQTscp.exe
  C:\Windows\System\JUQTscp.exe
  2⤵
  PID:3288
- C:\Windows\System\KIwNGUk.exe
  C:\Windows\System\KIwNGUk.exe
  2⤵
  PID:3308
- C:\Windows\System\teTSTNW.exe
  C:\Windows\System\teTSTNW.exe
  2⤵
  PID:3328
- C:\Windows\System\RLKQoFc.exe
  C:\Windows\System\RLKQoFc.exe
  2⤵
  PID:3348
- C:\Windows\System\HcEYDyA.exe
  C:\Windows\System\HcEYDyA.exe
  2⤵
  PID:3368
- C:\Windows\System\ZFkljsh.exe
  C:\Windows\System\ZFkljsh.exe
  2⤵
  PID:3388
- C:\Windows\System\zyOpUwl.exe
  C:\Windows\System\zyOpUwl.exe
  2⤵
  PID:3408
- C:\Windows\System\uCaSACS.exe
  C:\Windows\System\uCaSACS.exe
  2⤵
  PID:3428
- C:\Windows\System\RniiwAR.exe
  C:\Windows\System\RniiwAR.exe
  2⤵
  PID:3448
- C:\Windows\System\WADcFYD.exe
  C:\Windows\System\WADcFYD.exe
  2⤵
  PID:3468
- C:\Windows\System\yWFjAcf.exe
  C:\Windows\System\yWFjAcf.exe
  2⤵
  PID:3488
- C:\Windows\System\kxflHgt.exe
  C:\Windows\System\kxflHgt.exe
  2⤵
  PID:3508
- C:\Windows\System\ndJooOT.exe
  C:\Windows\System\ndJooOT.exe
  2⤵
  PID:3524
- C:\Windows\System\TfqbWww.exe
  C:\Windows\System\TfqbWww.exe
  2⤵
  PID:3548
- C:\Windows\System\kllKDKO.exe
  C:\Windows\System\kllKDKO.exe
  2⤵
  PID:3568
- C:\Windows\System\oVTfzoA.exe
  C:\Windows\System\oVTfzoA.exe
  2⤵
  PID:3588
- C:\Windows\System\HwQhSoO.exe
  C:\Windows\System\HwQhSoO.exe
  2⤵
  PID:3612
- C:\Windows\System\RtGpIly.exe
  C:\Windows\System\RtGpIly.exe
  2⤵
  PID:3632
- C:\Windows\System\QOOSZCy.exe
  C:\Windows\System\QOOSZCy.exe
  2⤵
  PID:3648
- C:\Windows\System\uyfxlgs.exe
  C:\Windows\System\uyfxlgs.exe
  2⤵
  PID:3672
- C:\Windows\System\BYMKIDW.exe
  C:\Windows\System\BYMKIDW.exe
  2⤵
  PID:3688
- C:\Windows\System\rzpezNq.exe
  C:\Windows\System\rzpezNq.exe
  2⤵
  PID:3712
- C:\Windows\System\RKRLKrF.exe
  C:\Windows\System\RKRLKrF.exe
  2⤵
  PID:3728
- C:\Windows\System\lbjqgIZ.exe
  C:\Windows\System\lbjqgIZ.exe
  2⤵
  PID:3752
- C:\Windows\System\GUbyIGs.exe
  C:\Windows\System\GUbyIGs.exe
  2⤵
  PID:3768
- C:\Windows\System\XDmYVyS.exe
  C:\Windows\System\XDmYVyS.exe
  2⤵
  PID:3792
- C:\Windows\System\zipzGuJ.exe
  C:\Windows\System\zipzGuJ.exe
  2⤵
  PID:3808
- C:\Windows\System\zkwaGnZ.exe
  C:\Windows\System\zkwaGnZ.exe
  2⤵
  PID:3832
- C:\Windows\System\rPUpLDb.exe
  C:\Windows\System\rPUpLDb.exe
  2⤵
  PID:3852
- C:\Windows\System\NoMOLGU.exe
  C:\Windows\System\NoMOLGU.exe
  2⤵
  PID:3872
- C:\Windows\System\bmxlsez.exe
  C:\Windows\System\bmxlsez.exe
  2⤵
  PID:3888
- C:\Windows\System\kkTJVvS.exe
  C:\Windows\System\kkTJVvS.exe
  2⤵
  PID:3912
- C:\Windows\System\gccxWwf.exe
  C:\Windows\System\gccxWwf.exe
  2⤵
  PID:3928
- C:\Windows\System\zEwphpF.exe
  C:\Windows\System\zEwphpF.exe
  2⤵
  PID:3952
- C:\Windows\System\xIjrfGE.exe
  C:\Windows\System\xIjrfGE.exe
  2⤵
  PID:3968
- C:\Windows\System\jYGtVAm.exe
  C:\Windows\System\jYGtVAm.exe
  2⤵
  PID:3988
- C:\Windows\System\fNaRyow.exe
  C:\Windows\System\fNaRyow.exe
  2⤵
  PID:4008
- C:\Windows\System\ulBWHZR.exe
  C:\Windows\System\ulBWHZR.exe
  2⤵
  PID:4036
- C:\Windows\System\kuQzZMm.exe
  C:\Windows\System\kuQzZMm.exe
  2⤵
  PID:4056
- C:\Windows\System\frxTLFA.exe
  C:\Windows\System\frxTLFA.exe
  2⤵
  PID:4076
- C:\Windows\System\epZXttQ.exe
  C:\Windows\System\epZXttQ.exe
  2⤵
  PID:3008
- C:\Windows\System\vSFRBHC.exe
  C:\Windows\System\vSFRBHC.exe
  2⤵
  PID:2920
- C:\Windows\System\EmzCXFw.exe
  C:\Windows\System\EmzCXFw.exe
  2⤵
  PID:1200
- C:\Windows\System\tJwbMVW.exe
  C:\Windows\System\tJwbMVW.exe
  2⤵
  PID:3096
- C:\Windows\System\IhYdOLj.exe
  C:\Windows\System\IhYdOLj.exe
  2⤵
  PID:3132
- C:\Windows\System\HpRUTRW.exe
  C:\Windows\System\HpRUTRW.exe
  2⤵
  PID:3176
- C:\Windows\System\TAIeVRF.exe
  C:\Windows\System\TAIeVRF.exe
  2⤵
  PID:3160
- C:\Windows\System\AosNoBs.exe
  C:\Windows\System\AosNoBs.exe
  2⤵
  PID:3224
- C:\Windows\System\EoelERY.exe
  C:\Windows\System\EoelERY.exe
  2⤵
  PID:3260
- C:\Windows\System\crbSdsX.exe
  C:\Windows\System\crbSdsX.exe
  2⤵
  PID:2656
- C:\Windows\System\JpbuIRo.exe
  C:\Windows\System\JpbuIRo.exe
  2⤵
  PID:3336
- C:\Windows\System\wUUuDay.exe
  C:\Windows\System\wUUuDay.exe
  2⤵
  PID:3376
- C:\Windows\System\gzYxLGH.exe
  C:\Windows\System\gzYxLGH.exe
  2⤵
  PID:3364
- C:\Windows\System\BuqTeAd.exe
  C:\Windows\System\BuqTeAd.exe
  2⤵
  PID:3456
- C:\Windows\System\KzcVgMH.exe
  C:\Windows\System\KzcVgMH.exe
  2⤵
  PID:3460
- C:\Windows\System\EorRKeM.exe
  C:\Windows\System\EorRKeM.exe
  2⤵
  PID:3500
- C:\Windows\System\mDrXhJm.exe
  C:\Windows\System\mDrXhJm.exe
  2⤵
  PID:3532
- C:\Windows\System\DOECuWc.exe
  C:\Windows\System\DOECuWc.exe
  2⤵
  PID:3520
- C:\Windows\System\VUbdnOl.exe
  C:\Windows\System\VUbdnOl.exe
  2⤵
  PID:3628
- C:\Windows\System\gOUstGv.exe
  C:\Windows\System\gOUstGv.exe
  2⤵
  PID:1796
- C:\Windows\System\HpTnaaC.exe
  C:\Windows\System\HpTnaaC.exe
  2⤵
  PID:3596
- C:\Windows\System\bDvBHUm.exe
  C:\Windows\System\bDvBHUm.exe
  2⤵
  PID:3704
- C:\Windows\System\MxKsZdX.exe
  C:\Windows\System\MxKsZdX.exe
  2⤵
  PID:3644
- C:\Windows\System\BYFWUtX.exe
  C:\Windows\System\BYFWUtX.exe
  2⤵
  PID:3684
- C:\Windows\System\rGaBnEU.exe
  C:\Windows\System\rGaBnEU.exe
  2⤵
  PID:3784
- C:\Windows\System\MzjfFSU.exe
  C:\Windows\System\MzjfFSU.exe
  2⤵
  PID:3816
- C:\Windows\System\GhhvXLD.exe
  C:\Windows\System\GhhvXLD.exe
  2⤵
  PID:3820
- C:\Windows\System\XYUNDHQ.exe
  C:\Windows\System\XYUNDHQ.exe
  2⤵
  PID:3840
- C:\Windows\System\PVSYnBl.exe
  C:\Windows\System\PVSYnBl.exe
  2⤵
  PID:3908
- C:\Windows\System\vfXUyso.exe
  C:\Windows\System\vfXUyso.exe
  2⤵
  PID:3948
- C:\Windows\System\PNhKKge.exe
  C:\Windows\System\PNhKKge.exe
  2⤵
  PID:3884
- C:\Windows\System\eyGMamD.exe
  C:\Windows\System\eyGMamD.exe
  2⤵
  PID:3920
- C:\Windows\System\fJJphRU.exe
  C:\Windows\System\fJJphRU.exe
  2⤵
  PID:2172
- C:\Windows\System\UUsBxig.exe
  C:\Windows\System\UUsBxig.exe
  2⤵
  PID:1884
- C:\Windows\System\sitlWfw.exe
  C:\Windows\System\sitlWfw.exe
  2⤵
  PID:4084
- C:\Windows\System\rApTIIt.exe
  C:\Windows\System\rApTIIt.exe
  2⤵
  PID:1400
- C:\Windows\System\qYQUdOV.exe
  C:\Windows\System\qYQUdOV.exe
  2⤵
  PID:3076
- C:\Windows\System\gnRnzxd.exe
  C:\Windows\System\gnRnzxd.exe
  2⤵
  PID:3100
- C:\Windows\System\aopgZVU.exe
  C:\Windows\System\aopgZVU.exe
  2⤵
  PID:3196
- C:\Windows\System\dHzSMDg.exe
  C:\Windows\System\dHzSMDg.exe
  2⤵
  PID:3256
- C:\Windows\System\MHuJjOn.exe
  C:\Windows\System\MHuJjOn.exe
  2⤵
  PID:3340
- C:\Windows\System\YBFWOzd.exe
  C:\Windows\System\YBFWOzd.exe
  2⤵
  PID:3304
- C:\Windows\System\nFzydJc.exe
  C:\Windows\System\nFzydJc.exe
  2⤵
  PID:3420
- C:\Windows\System\NVKrHtv.exe
  C:\Windows\System\NVKrHtv.exe
  2⤵
  PID:3444
- C:\Windows\System\IKpItgU.exe
  C:\Windows\System\IKpItgU.exe
  2⤵
  PID:3544
- C:\Windows\System\KRijqAB.exe
  C:\Windows\System\KRijqAB.exe
  2⤵
  PID:3560
- C:\Windows\System\dVNfqjp.exe
  C:\Windows\System\dVNfqjp.exe
  2⤵
  PID:3604
- C:\Windows\System\WEsMKlO.exe
  C:\Windows\System\WEsMKlO.exe
  2⤵
  PID:3668
- C:\Windows\System\HLVdyFM.exe
  C:\Windows\System\HLVdyFM.exe
  2⤵
  PID:3736
- C:\Windows\System\aohUQpP.exe
  C:\Windows\System\aohUQpP.exe
  2⤵
  PID:3764
- C:\Windows\System\ErllCcg.exe
  C:\Windows\System\ErllCcg.exe
  2⤵
  PID:3868
- C:\Windows\System\xdrOxdr.exe
  C:\Windows\System\xdrOxdr.exe
  2⤵
  PID:3828
- C:\Windows\System\IDFhHpw.exe
  C:\Windows\System\IDFhHpw.exe
  2⤵
  PID:3904
- C:\Windows\System\ogJCtUm.exe
  C:\Windows\System\ogJCtUm.exe
  2⤵
  PID:3880
- C:\Windows\System\vlSvqaR.exe
  C:\Windows\System\vlSvqaR.exe
  2⤵
  PID:4068
- C:\Windows\System\FqHORCl.exe
  C:\Windows\System\FqHORCl.exe
  2⤵
  PID:2972
- C:\Windows\System\ircTDzM.exe
  C:\Windows\System\ircTDzM.exe
  2⤵
  PID:3116
- C:\Windows\System\wFazrSd.exe
  C:\Windows\System\wFazrSd.exe
  2⤵
  PID:3004
- C:\Windows\System\RaBWfgd.exe
  C:\Windows\System\RaBWfgd.exe
  2⤵
  PID:3220
- C:\Windows\System\gUYLgpT.exe
  C:\Windows\System\gUYLgpT.exe
  2⤵
  PID:3156
- C:\Windows\System\GUypZtI.exe
  C:\Windows\System\GUypZtI.exe
  2⤵
  PID:3504
- C:\Windows\System\EABkBiq.exe
  C:\Windows\System\EABkBiq.exe
  2⤵
  PID:3464
- C:\Windows\System\JDajCrD.exe
  C:\Windows\System\JDajCrD.exe
  2⤵
  PID:3540
- C:\Windows\System\uvKzGKH.exe
  C:\Windows\System\uvKzGKH.exe
  2⤵
  PID:3696
- C:\Windows\System\HLkkrjb.exe
  C:\Windows\System\HLkkrjb.exe
  2⤵
  PID:3000
- C:\Windows\System\ZyXPeSp.exe
  C:\Windows\System\ZyXPeSp.exe
  2⤵
  PID:3860
- C:\Windows\System\bDVkzWc.exe
  C:\Windows\System\bDVkzWc.exe
  2⤵
  PID:3996
- C:\Windows\System\JBItPXc.exe
  C:\Windows\System\JBItPXc.exe
  2⤵
  PID:3936
- C:\Windows\System\TcQvrkG.exe
  C:\Windows\System\TcQvrkG.exe
  2⤵
  PID:4024
- C:\Windows\System\jQGhTaQ.exe
  C:\Windows\System\jQGhTaQ.exe
  2⤵
  PID:3320
- C:\Windows\System\tTteAtJ.exe
  C:\Windows\System\tTteAtJ.exe
  2⤵
  PID:3244
- C:\Windows\System\HArPkKY.exe
  C:\Windows\System\HArPkKY.exe
  2⤵
  PID:3664
- C:\Windows\System\qgNMIhs.exe
  C:\Windows\System\qgNMIhs.exe
  2⤵
  PID:3788
- C:\Windows\System\tQtrmMu.exe
  C:\Windows\System\tQtrmMu.exe
  2⤵
  PID:3984
- C:\Windows\System\szEAFsS.exe
  C:\Windows\System\szEAFsS.exe
  2⤵
  PID:3680
- C:\Windows\System\hzftpaG.exe
  C:\Windows\System\hzftpaG.exe
  2⤵
  PID:3776
- C:\Windows\System\wHTiOGw.exe
  C:\Windows\System\wHTiOGw.exe
  2⤵
  PID:3240
- C:\Windows\System\pQIvMFG.exe
  C:\Windows\System\pQIvMFG.exe
  2⤵
  PID:4088
- C:\Windows\System\gUeBknH.exe
  C:\Windows\System\gUeBknH.exe
  2⤵
  PID:3748
- C:\Windows\System\gFJisAP.exe
  C:\Windows\System\gFJisAP.exe
  2⤵
  PID:3296
- C:\Windows\System\WtpbfAn.exe
  C:\Windows\System\WtpbfAn.exe
  2⤵
  PID:3620
- C:\Windows\System\vbnUfrX.exe
  C:\Windows\System\vbnUfrX.exe
  2⤵
  PID:4112
- C:\Windows\System\oCwzZBT.exe
  C:\Windows\System\oCwzZBT.exe
  2⤵
  PID:4128
- C:\Windows\System\zYQzVmY.exe
  C:\Windows\System\zYQzVmY.exe
  2⤵
  PID:4152
- C:\Windows\System\AwMZuls.exe
  C:\Windows\System\AwMZuls.exe
  2⤵
  PID:4172
- C:\Windows\System\xqrmlyZ.exe
  C:\Windows\System\xqrmlyZ.exe
  2⤵
  PID:4192
- C:\Windows\System\YIoUDGO.exe
  C:\Windows\System\YIoUDGO.exe
  2⤵
  PID:4212
- C:\Windows\System\VwMALDl.exe
  C:\Windows\System\VwMALDl.exe
  2⤵
  PID:4232
- C:\Windows\System\GqTXuYP.exe
  C:\Windows\System\GqTXuYP.exe
  2⤵
  PID:4252
- C:\Windows\System\XKLdyhT.exe
  C:\Windows\System\XKLdyhT.exe
  2⤵
  PID:4272
- C:\Windows\System\BSrnDFE.exe
  C:\Windows\System\BSrnDFE.exe
  2⤵
  PID:4292
- C:\Windows\System\rjRgOAO.exe
  C:\Windows\System\rjRgOAO.exe
  2⤵
  PID:4316
- C:\Windows\System\zBFYQcl.exe
  C:\Windows\System\zBFYQcl.exe
  2⤵
  PID:4332
- C:\Windows\System\rvEaeLX.exe
  C:\Windows\System\rvEaeLX.exe
  2⤵
  PID:4348
- C:\Windows\System\vEtjTFP.exe
  C:\Windows\System\vEtjTFP.exe
  2⤵
  PID:4364
- C:\Windows\System\ZmcXuUD.exe
  C:\Windows\System\ZmcXuUD.exe
  2⤵
  PID:4384
- C:\Windows\System\vaLTymE.exe
  C:\Windows\System\vaLTymE.exe
  2⤵
  PID:4408
- C:\Windows\System\WMmhzGF.exe
  C:\Windows\System\WMmhzGF.exe
  2⤵
  PID:4424
- C:\Windows\System\MQwKQaS.exe
  C:\Windows\System\MQwKQaS.exe
  2⤵
  PID:4440
- C:\Windows\System\TdLcNgq.exe
  C:\Windows\System\TdLcNgq.exe
  2⤵
  PID:4456
- C:\Windows\System\iKFsLxR.exe
  C:\Windows\System\iKFsLxR.exe
  2⤵
  PID:4480
- C:\Windows\System\TMqebyH.exe
  C:\Windows\System\TMqebyH.exe
  2⤵
  PID:4496
- C:\Windows\System\wSGXumE.exe
  C:\Windows\System\wSGXumE.exe
  2⤵
  PID:4512
- C:\Windows\System\fOwhrzP.exe
  C:\Windows\System\fOwhrzP.exe
  2⤵
  PID:4536
- C:\Windows\System\TIDztEB.exe
  C:\Windows\System\TIDztEB.exe
  2⤵
  PID:4564
- C:\Windows\System\GvWgJrW.exe
  C:\Windows\System\GvWgJrW.exe
  2⤵
  PID:4580
- C:\Windows\System\kiECmQT.exe
  C:\Windows\System\kiECmQT.exe
  2⤵
  PID:4596
- C:\Windows\System\JmLkJhs.exe
  C:\Windows\System\JmLkJhs.exe
  2⤵
  PID:4612
- C:\Windows\System\WQCtniM.exe
  C:\Windows\System\WQCtniM.exe
  2⤵
  PID:4648
- C:\Windows\System\LAJvevE.exe
  C:\Windows\System\LAJvevE.exe
  2⤵
  PID:4664
- C:\Windows\System\onBHpkd.exe
  C:\Windows\System\onBHpkd.exe
  2⤵
  PID:4684
- C:\Windows\System\zVrzSMi.exe
  C:\Windows\System\zVrzSMi.exe
  2⤵
  PID:4700
- C:\Windows\System\GnmjhDZ.exe
  C:\Windows\System\GnmjhDZ.exe
  2⤵
  PID:4728
- C:\Windows\System\NQcBSzz.exe
  C:\Windows\System\NQcBSzz.exe
  2⤵
  PID:4744
- C:\Windows\System\QSsCutR.exe
  C:\Windows\System\QSsCutR.exe
  2⤵
  PID:4760
- C:\Windows\System\ZfgvnzD.exe
  C:\Windows\System\ZfgvnzD.exe
  2⤵
  PID:4784
- C:\Windows\System\cCTBhlw.exe
  C:\Windows\System\cCTBhlw.exe
  2⤵
  PID:4804
- C:\Windows\System\ihxkeey.exe
  C:\Windows\System\ihxkeey.exe
  2⤵
  PID:4848
- C:\Windows\System\ugcGyFR.exe
  C:\Windows\System\ugcGyFR.exe
  2⤵
  PID:4864
- C:\Windows\System\nZdZfPj.exe
  C:\Windows\System\nZdZfPj.exe
  2⤵
  PID:4880
- C:\Windows\System\XvDYcEO.exe
  C:\Windows\System\XvDYcEO.exe
  2⤵
  PID:4908
- C:\Windows\System\EakaLcI.exe
  C:\Windows\System\EakaLcI.exe
  2⤵
  PID:4924
- C:\Windows\System\nxnzzyP.exe
  C:\Windows\System\nxnzzyP.exe
  2⤵
  PID:4940
- C:\Windows\System\XtpbHuh.exe
  C:\Windows\System\XtpbHuh.exe
  2⤵
  PID:4960
- C:\Windows\System\UycCqkn.exe
  C:\Windows\System\UycCqkn.exe
  2⤵
  PID:4980
- C:\Windows\System\dggVfrM.exe
  C:\Windows\System\dggVfrM.exe
  2⤵
  PID:4996
- C:\Windows\System\DvIlVms.exe
  C:\Windows\System\DvIlVms.exe
  2⤵
  PID:5016
- C:\Windows\System\qOoAbUI.exe
  C:\Windows\System\qOoAbUI.exe
  2⤵
  PID:5032
- C:\Windows\System\Dayvkks.exe
  C:\Windows\System\Dayvkks.exe
  2⤵
  PID:5048
- C:\Windows\System\MedHCzf.exe
  C:\Windows\System\MedHCzf.exe
  2⤵
  PID:5068
- C:\Windows\System\wlNvrHR.exe
  C:\Windows\System\wlNvrHR.exe
  2⤵
  PID:5084
- C:\Windows\System\aHbJGEY.exe
  C:\Windows\System\aHbJGEY.exe
  2⤵
  PID:5100
- C:\Windows\System\nagqffM.exe
  C:\Windows\System\nagqffM.exe
  2⤵
  PID:2964
- C:\Windows\System\NPLZQaL.exe
  C:\Windows\System\NPLZQaL.exe
  2⤵
  PID:4108
- C:\Windows\System\MJinaPn.exe
  C:\Windows\System\MJinaPn.exe
  2⤵
  PID:3580
- C:\Windows\System\XQPjqVn.exe
  C:\Windows\System\XQPjqVn.exe
  2⤵
  PID:4144
- C:\Windows\System\CNgObgw.exe
  C:\Windows\System\CNgObgw.exe
  2⤵
  PID:1308
- C:\Windows\System\BMkpBLL.exe
  C:\Windows\System\BMkpBLL.exe
  2⤵
  PID:2312
- C:\Windows\System\dqohaqm.exe
  C:\Windows\System\dqohaqm.exe
  2⤵
  PID:4228
- C:\Windows\System\JOMLLtE.exe
  C:\Windows\System\JOMLLtE.exe
  2⤵
  PID:4268
- C:\Windows\System\dXescvg.exe
  C:\Windows\System\dXescvg.exe
  2⤵
  PID:4264
- C:\Windows\System\Tcdjimw.exe
  C:\Windows\System\Tcdjimw.exe
  2⤵
  PID:4308
- C:\Windows\System\WcpxerK.exe
  C:\Windows\System\WcpxerK.exe
  2⤵
  PID:2088
- C:\Windows\System\xdgrZMY.exe
  C:\Windows\System\xdgrZMY.exe
  2⤵
  PID:1372
- C:\Windows\System\AlZeydI.exe
  C:\Windows\System\AlZeydI.exe
  2⤵
  PID:4372
- C:\Windows\System\arTMuVE.exe
  C:\Windows\System\arTMuVE.exe
  2⤵
  PID:4448
- C:\Windows\System\wlFPvUe.exe
  C:\Windows\System\wlFPvUe.exe
  2⤵
  PID:4396
- C:\Windows\System\oTXAPRq.exe
  C:\Windows\System\oTXAPRq.exe
  2⤵
  PID:4304
- C:\Windows\System\JEOUFVu.exe
  C:\Windows\System\JEOUFVu.exe
  2⤵
  PID:4520
- C:\Windows\System\uaDyawF.exe
  C:\Windows\System\uaDyawF.exe
  2⤵
  PID:2424
- C:\Windows\System\LXThQyI.exe
  C:\Windows\System\LXThQyI.exe
  2⤵
  PID:4468
- C:\Windows\System\sMIncOn.exe
  C:\Windows\System\sMIncOn.exe
  2⤵
  PID:464
- C:\Windows\System\ADUPGYA.exe
  C:\Windows\System\ADUPGYA.exe
  2⤵
  PID:4604
- C:\Windows\System\FlMkCGu.exe
  C:\Windows\System\FlMkCGu.exe
  2⤵
  PID:1612
- C:\Windows\System\iIoqnPT.exe
  C:\Windows\System\iIoqnPT.exe
  2⤵
  PID:4548
- C:\Windows\System\BnedNUg.exe
  C:\Windows\System\BnedNUg.exe
  2⤵
  PID:4592
- C:\Windows\System\stlKAqk.exe
  C:\Windows\System\stlKAqk.exe
  2⤵
  PID:4632
- C:\Windows\System\UQxuWaY.exe
  C:\Windows\System\UQxuWaY.exe
  2⤵
  PID:4768
- C:\Windows\System\KmutVze.exe
  C:\Windows\System\KmutVze.exe
  2⤵
  PID:4800
- C:\Windows\System\hxSTNDi.exe
  C:\Windows\System\hxSTNDi.exe
  2⤵
  PID:4712
- C:\Windows\System\eoVEQXx.exe
  C:\Windows\System\eoVEQXx.exe
  2⤵
  PID:4752
- C:\Windows\System\VjRjrgs.exe
  C:\Windows\System\VjRjrgs.exe
  2⤵
  PID:4816
- C:\Windows\System\qTydbVN.exe
  C:\Windows\System\qTydbVN.exe
  2⤵
  PID:4856
- C:\Windows\System\WLAEuzV.exe
  C:\Windows\System\WLAEuzV.exe
  2⤵
  PID:4872
- C:\Windows\System\SwaBTRl.exe
  C:\Windows\System\SwaBTRl.exe
  2⤵
  PID:4904
- C:\Windows\System\AyCDMyT.exe
  C:\Windows\System\AyCDMyT.exe
  2⤵
  PID:4932
- C:\Windows\System\fvYKAtM.exe
  C:\Windows\System\fvYKAtM.exe
  2⤵
  PID:4956
- C:\Windows\System\YwnRZxe.exe
  C:\Windows\System\YwnRZxe.exe
  2⤵
  PID:4976
- C:\Windows\System\YPrgiSI.exe
  C:\Windows\System\YPrgiSI.exe
  2⤵
  PID:5008
- C:\Windows\System\JGHWPMY.exe
  C:\Windows\System\JGHWPMY.exe
  2⤵
  PID:5060
- C:\Windows\System\YUoQTqn.exe
  C:\Windows\System\YUoQTqn.exe
  2⤵
  PID:4052
- C:\Windows\System\MEcnoMK.exe
  C:\Windows\System\MEcnoMK.exe
  2⤵
  PID:5076
- C:\Windows\System\VysswiI.exe
  C:\Windows\System\VysswiI.exe
  2⤵
  PID:4136
- C:\Windows\System\KEjCiGJ.exe
  C:\Windows\System\KEjCiGJ.exe
  2⤵
  PID:3804
- C:\Windows\System\MlboCjH.exe
  C:\Windows\System\MlboCjH.exe
  2⤵
  PID:4120
- C:\Windows\System\bJiWkMt.exe
  C:\Windows\System\bJiWkMt.exe
  2⤵
  PID:4284
- C:\Windows\System\TGPnvEM.exe
  C:\Windows\System\TGPnvEM.exe
  2⤵
  PID:4180
- C:\Windows\System\hQoreWG.exe
  C:\Windows\System\hQoreWG.exe
  2⤵
  PID:1760
- C:\Windows\System\ljCCPSC.exe
  C:\Windows\System\ljCCPSC.exe
  2⤵
  PID:4248
- C:\Windows\System\DDZgTQD.exe
  C:\Windows\System\DDZgTQD.exe
  2⤵
  PID:4344
- C:\Windows\System\ZVFmxeb.exe
  C:\Windows\System\ZVFmxeb.exe
  2⤵
  PID:4420
- C:\Windows\System\WxsFgLH.exe
  C:\Windows\System\WxsFgLH.exe
  2⤵
  PID:4436
- C:\Windows\System\WzUpLRR.exe
  C:\Windows\System\WzUpLRR.exe
  2⤵
  PID:4392
- C:\Windows\System\MXnnXtE.exe
  C:\Windows\System\MXnnXtE.exe
  2⤵
  PID:1296
- C:\Windows\System\BNVXaOp.exe
  C:\Windows\System\BNVXaOp.exe
  2⤵
  PID:4508
- C:\Windows\System\NaEtSDt.exe
  C:\Windows\System\NaEtSDt.exe
  2⤵
  PID:4492
- C:\Windows\System\nCLbjQf.exe
  C:\Windows\System\nCLbjQf.exe
  2⤵
  PID:4504
- C:\Windows\System\QEQePzk.exe
  C:\Windows\System\QEQePzk.exe
  2⤵
  PID:4916
- C:\Windows\System\TnmDpYq.exe
  C:\Windows\System\TnmDpYq.exe
  2⤵
  PID:4796
- C:\Windows\System\sabpBfL.exe
  C:\Windows\System\sabpBfL.exe
  2⤵
  PID:4044
- C:\Windows\System\BfMjqUf.exe
  C:\Windows\System\BfMjqUf.exe
  2⤵
  PID:4720
- C:\Windows\System\KZLqjYB.exe
  C:\Windows\System\KZLqjYB.exe
  2⤵
  PID:5040
- C:\Windows\System\kbkVmYB.exe
  C:\Windows\System\kbkVmYB.exe
  2⤵
  PID:5108
- C:\Windows\System\SYJWPlk.exe
  C:\Windows\System\SYJWPlk.exe
  2⤵
  PID:4836
- C:\Windows\System\TRBSHYi.exe
  C:\Windows\System\TRBSHYi.exe
  2⤵
  PID:4948
- C:\Windows\System\SeqJZdl.exe
  C:\Windows\System\SeqJZdl.exe
  2⤵
  PID:5028
- C:\Windows\System\fETBJYO.exe
  C:\Windows\System\fETBJYO.exe
  2⤵
  PID:3316
- C:\Windows\System\RxroRzT.exe
  C:\Windows\System\RxroRzT.exe
  2⤵
  PID:4124
- C:\Windows\System\eqtwVyk.exe
  C:\Windows\System\eqtwVyk.exe
  2⤵
  PID:4184
- C:\Windows\System\esEzTWZ.exe
  C:\Windows\System\esEzTWZ.exe
  2⤵
  PID:1212
- C:\Windows\System\MASaCkW.exe
  C:\Windows\System\MASaCkW.exe
  2⤵
  PID:1104
- C:\Windows\System\iwwYJnk.exe
  C:\Windows\System\iwwYJnk.exe
  2⤵
  PID:4376
- C:\Windows\System\XILYHxH.exe
  C:\Windows\System\XILYHxH.exe
  2⤵
  PID:1952
- C:\Windows\System\ujdESdy.exe
  C:\Windows\System\ujdESdy.exe
  2⤵
  PID:4692
- C:\Windows\System\Cijzvys.exe
  C:\Windows\System\Cijzvys.exe
  2⤵
  PID:4572
- C:\Windows\System\EFdFQqn.exe
  C:\Windows\System\EFdFQqn.exe
  2⤵
  PID:2908
- C:\Windows\System\QMJaJVQ.exe
  C:\Windows\System\QMJaJVQ.exe
  2⤵
  PID:4400
- C:\Windows\System\SxpBohR.exe
  C:\Windows\System\SxpBohR.exe
  2⤵
  PID:4628
- C:\Windows\System\kulsRrr.exe
  C:\Windows\System\kulsRrr.exe
  2⤵
  PID:4780
- C:\Windows\System\irsLPVt.exe
  C:\Windows\System\irsLPVt.exe
  2⤵
  PID:4820
- C:\Windows\System\LbgOpCG.exe
  C:\Windows\System\LbgOpCG.exe
  2⤵
  PID:2852
- C:\Windows\System\cjVMAYB.exe
  C:\Windows\System\cjVMAYB.exe
  2⤵
  PID:2236
- C:\Windows\System\yChgSsj.exe
  C:\Windows\System\yChgSsj.exe
  2⤵
  PID:4092
- C:\Windows\System\hYqowha.exe
  C:\Windows\System\hYqowha.exe
  2⤵
  PID:5024
- C:\Windows\System\PpvSXmK.exe
  C:\Windows\System\PpvSXmK.exe
  2⤵
  PID:852
- C:\Windows\System\IABmzsQ.exe
  C:\Windows\System\IABmzsQ.exe
  2⤵
  PID:4432
- C:\Windows\System\jZjKhvu.exe
  C:\Windows\System\jZjKhvu.exe
  2⤵
  PID:1312
- C:\Windows\System\YrHcLcj.exe
  C:\Windows\System\YrHcLcj.exe
  2⤵
  PID:5112
- C:\Windows\System\tAUrLEz.exe
  C:\Windows\System\tAUrLEz.exe
  2⤵
  PID:4416
- C:\Windows\System\JUlWkhQ.exe
  C:\Windows\System\JUlWkhQ.exe
  2⤵
  PID:708
- C:\Windows\System\NYfnDli.exe
  C:\Windows\System\NYfnDli.exe
  2⤵
  PID:4328
- C:\Windows\System\ADpJKIt.exe
  C:\Windows\System\ADpJKIt.exe
  2⤵
  PID:4644
- C:\Windows\System\iTNXlgN.exe
  C:\Windows\System\iTNXlgN.exe
  2⤵
  PID:4464
- C:\Windows\System\NwSbujN.exe
  C:\Windows\System\NwSbujN.exe
  2⤵
  PID:1096
- C:\Windows\System\mbebKgz.exe
  C:\Windows\System\mbebKgz.exe
  2⤵
  PID:4832
- C:\Windows\System\vedhlXj.exe
  C:\Windows\System\vedhlXj.exe
  2⤵
  PID:1084
- C:\Windows\System\uvDeRbV.exe
  C:\Windows\System\uvDeRbV.exe
  2⤵
  PID:4528
- C:\Windows\System\TkcrzCs.exe
  C:\Windows\System\TkcrzCs.exe
  2⤵
  PID:3440
- C:\Windows\System\KCVLGOX.exe
  C:\Windows\System\KCVLGOX.exe
  2⤵
  PID:5116
- C:\Windows\System\UTmHpeP.exe
  C:\Windows\System\UTmHpeP.exe
  2⤵
  PID:4356
- C:\Windows\System\CxnZQtz.exe
  C:\Windows\System\CxnZQtz.exe
  2⤵
  PID:4736
- C:\Windows\System\CWOlwZn.exe
  C:\Windows\System\CWOlwZn.exe
  2⤵
  PID:4972
- C:\Windows\System\jbPPTzQ.exe
  C:\Windows\System\jbPPTzQ.exe
  2⤵
  PID:3780
- C:\Windows\System\ssRxfng.exe
  C:\Windows\System\ssRxfng.exe
  2⤵
  PID:3660
- C:\Windows\System\ulTVYdA.exe
  C:\Windows\System\ulTVYdA.exe
  2⤵
  PID:2672
- C:\Windows\System\xUpFafE.exe
  C:\Windows\System\xUpFafE.exe
  2⤵
  PID:5136
- C:\Windows\System\DLwaanj.exe
  C:\Windows\System\DLwaanj.exe
  2⤵
  PID:5152
- C:\Windows\System\IHNcOwT.exe
  C:\Windows\System\IHNcOwT.exe
  2⤵
  PID:5168
- C:\Windows\System\MLVRJoZ.exe
  C:\Windows\System\MLVRJoZ.exe
  2⤵
  PID:5188
- C:\Windows\System\gZbacGf.exe
  C:\Windows\System\gZbacGf.exe
  2⤵
  PID:5204
- C:\Windows\System\uyGamCr.exe
  C:\Windows\System\uyGamCr.exe
  2⤵
  PID:5220
- C:\Windows\System\wwtVAHF.exe
  C:\Windows\System\wwtVAHF.exe
  2⤵
  PID:5236
- C:\Windows\System\tpvwHKF.exe
  C:\Windows\System\tpvwHKF.exe
  2⤵
  PID:5252
- C:\Windows\System\HMZjuph.exe
  C:\Windows\System\HMZjuph.exe
  2⤵
  PID:5268
- C:\Windows\System\iHNIvlG.exe
  C:\Windows\System\iHNIvlG.exe
  2⤵
  PID:5284
- C:\Windows\System\gtXwaQU.exe
  C:\Windows\System\gtXwaQU.exe
  2⤵
  PID:5308
- C:\Windows\System\qlIRfmD.exe
  C:\Windows\System\qlIRfmD.exe
  2⤵
  PID:5324
- C:\Windows\System\WsLXlJF.exe
  C:\Windows\System\WsLXlJF.exe
  2⤵
  PID:5340
- C:\Windows\System\SwyhLfa.exe
  C:\Windows\System\SwyhLfa.exe
  2⤵
  PID:5356
- C:\Windows\System\GKtpqUm.exe
  C:\Windows\System\GKtpqUm.exe
  2⤵
  PID:5372
- C:\Windows\System\RNLVXxP.exe
  C:\Windows\System\RNLVXxP.exe
  2⤵
  PID:5388
- C:\Windows\System\McLgGzo.exe
  C:\Windows\System\McLgGzo.exe
  2⤵
  PID:5404
- C:\Windows\System\KEiCyKv.exe
  C:\Windows\System\KEiCyKv.exe
  2⤵
  PID:5424
- C:\Windows\System\ZeIXfrv.exe
  C:\Windows\System\ZeIXfrv.exe
  2⤵
  PID:5444
- C:\Windows\System\fPVJSPZ.exe
  C:\Windows\System\fPVJSPZ.exe
  2⤵
  PID:5460
- C:\Windows\System\iwbspZF.exe
  C:\Windows\System\iwbspZF.exe
  2⤵
  PID:5476
- C:\Windows\System\IBImXRQ.exe
  C:\Windows\System\IBImXRQ.exe
  2⤵
  PID:5492
- C:\Windows\System\Bvxruak.exe
  C:\Windows\System\Bvxruak.exe
  2⤵
  PID:5520
- C:\Windows\System\cyUfUAJ.exe
  C:\Windows\System\cyUfUAJ.exe
  2⤵
  PID:5544
- C:\Windows\System\QLHigaL.exe
  C:\Windows\System\QLHigaL.exe
  2⤵
  PID:5568
- C:\Windows\System\DZOVUTO.exe
  C:\Windows\System\DZOVUTO.exe
  2⤵
  PID:5700
- C:\Windows\System\UsGtNCM.exe
  C:\Windows\System\UsGtNCM.exe
  2⤵
  PID:5716
- C:\Windows\System\xjhaSPh.exe
  C:\Windows\System\xjhaSPh.exe
  2⤵
  PID:5732
- C:\Windows\System\uYKLFFu.exe
  C:\Windows\System\uYKLFFu.exe
  2⤵
  PID:5748
- C:\Windows\System\BRfsqrw.exe
  C:\Windows\System\BRfsqrw.exe
  2⤵
  PID:5764
- C:\Windows\System\HERDogv.exe
  C:\Windows\System\HERDogv.exe
  2⤵
  PID:5780
- C:\Windows\System\AfeKEqI.exe
  C:\Windows\System\AfeKEqI.exe
  2⤵
  PID:5796
- C:\Windows\System\iiQPAEl.exe
  C:\Windows\System\iiQPAEl.exe
  2⤵
  PID:5812
- C:\Windows\System\WxRqZqa.exe
  C:\Windows\System\WxRqZqa.exe
  2⤵
  PID:5828
- C:\Windows\System\ecEKSCA.exe
  C:\Windows\System\ecEKSCA.exe
  2⤵
  PID:5844
- C:\Windows\System\aLmwjJJ.exe
  C:\Windows\System\aLmwjJJ.exe
  2⤵
  PID:5860
- C:\Windows\System\fVWXiok.exe
  C:\Windows\System\fVWXiok.exe
  2⤵
  PID:5876
- C:\Windows\System\WBhgfwb.exe
  C:\Windows\System\WBhgfwb.exe
  2⤵
  PID:5892
- C:\Windows\System\dCqUGvB.exe
  C:\Windows\System\dCqUGvB.exe
  2⤵
  PID:5908
- C:\Windows\System\UmvAEoj.exe
  C:\Windows\System\UmvAEoj.exe
  2⤵
  PID:5924
- C:\Windows\System\pKTiVvO.exe
  C:\Windows\System\pKTiVvO.exe
  2⤵
  PID:5940
- C:\Windows\System\HNKgGvn.exe
  C:\Windows\System\HNKgGvn.exe
  2⤵
  PID:5956
- C:\Windows\System\iYnJKVF.exe
  C:\Windows\System\iYnJKVF.exe
  2⤵
  PID:5972
- C:\Windows\System\bToVMJy.exe
  C:\Windows\System\bToVMJy.exe
  2⤵
  PID:5996
- C:\Windows\System\LkYOMvv.exe
  C:\Windows\System\LkYOMvv.exe
  2⤵
  PID:6012
- C:\Windows\System\NReXBaN.exe
  C:\Windows\System\NReXBaN.exe
  2⤵
  PID:6028
- C:\Windows\System\boGETck.exe
  C:\Windows\System\boGETck.exe
  2⤵
  PID:6044
- C:\Windows\System\bVIGDdM.exe
  C:\Windows\System\bVIGDdM.exe
  2⤵
  PID:6060
- C:\Windows\System\oMfloNI.exe
  C:\Windows\System\oMfloNI.exe
  2⤵
  PID:6076
- C:\Windows\System\pnhibGP.exe
  C:\Windows\System\pnhibGP.exe
  2⤵
  PID:6096
- C:\Windows\System\SToqyaA.exe
  C:\Windows\System\SToqyaA.exe
  2⤵
  PID:6112
- C:\Windows\System\OtgmwVL.exe
  C:\Windows\System\OtgmwVL.exe
  2⤵
  PID:6128
- C:\Windows\System\hzOrQKS.exe
  C:\Windows\System\hzOrQKS.exe
  2⤵
  PID:4952
- C:\Windows\System\VQKJrkH.exe
  C:\Windows\System\VQKJrkH.exe
  2⤵
  PID:4672
- C:\Windows\System\qAKjagY.exe
  C:\Windows\System\qAKjagY.exe
  2⤵
  PID:5200
- C:\Windows\System\VirXUdP.exe
  C:\Windows\System\VirXUdP.exe
  2⤵
  PID:1500
- C:\Windows\System\SFnAMpp.exe
  C:\Windows\System\SFnAMpp.exe
  2⤵
  PID:576
- C:\Windows\System\OHhtfph.exe
  C:\Windows\System\OHhtfph.exe
  2⤵
  PID:5148
- C:\Windows\System\lNgxKOh.exe
  C:\Windows\System\lNgxKOh.exe
  2⤵
  PID:5292
- C:\Windows\System\wOruTrx.exe
  C:\Windows\System\wOruTrx.exe
  2⤵
  PID:5212
- C:\Windows\System\zXimaiA.exe
  C:\Windows\System\zXimaiA.exe
  2⤵
  PID:5304
- C:\Windows\System\ooFpZne.exe
  C:\Windows\System\ooFpZne.exe
  2⤵
  PID:5316
- C:\Windows\System\zdZtRzn.exe
  C:\Windows\System\zdZtRzn.exe
  2⤵
  PID:5364
- C:\Windows\System\CWdwaeD.exe
  C:\Windows\System\CWdwaeD.exe
  2⤵
  PID:5396
- C:\Windows\System\PikaxCk.exe
  C:\Windows\System\PikaxCk.exe
  2⤵
  PID:5468
- C:\Windows\System\iIwGHah.exe
  C:\Windows\System\iIwGHah.exe
  2⤵
  PID:5456
- C:\Windows\System\LPKobqi.exe
  C:\Windows\System\LPKobqi.exe
  2⤵
  PID:5416
- C:\Windows\System\YUZXSOZ.exe
  C:\Windows\System\YUZXSOZ.exe
  2⤵
  PID:5512
- C:\Windows\System\JtNXOWs.exe
  C:\Windows\System\JtNXOWs.exe
  2⤵
  PID:5556
- C:\Windows\System\rztItXQ.exe
  C:\Windows\System\rztItXQ.exe
  2⤵
  PID:5536
- C:\Windows\System\wTcsMpO.exe
  C:\Windows\System\wTcsMpO.exe
  2⤵
  PID:5584
- C:\Windows\System\XBLhkWs.exe
  C:\Windows\System\XBLhkWs.exe
  2⤵
  PID:5608
- C:\Windows\System\iMUptOo.exe
  C:\Windows\System\iMUptOo.exe
  2⤵
  PID:5624
- C:\Windows\System\DCeHXKc.exe
  C:\Windows\System\DCeHXKc.exe
  2⤵
  PID:5640
- C:\Windows\System\YgIPQRb.exe
  C:\Windows\System\YgIPQRb.exe
  2⤵
  PID:5656
- C:\Windows\System\VDalhSF.exe
  C:\Windows\System\VDalhSF.exe
  2⤵
  PID:5672
- C:\Windows\System\UakLNPA.exe
  C:\Windows\System\UakLNPA.exe
  2⤵
  PID:5604
- C:\Windows\System\ZJWCJzH.exe
  C:\Windows\System\ZJWCJzH.exe
  2⤵
  PID:5708
- C:\Windows\System\HefmljO.exe
  C:\Windows\System\HefmljO.exe
  2⤵
  PID:5728
- C:\Windows\System\ahCKAtZ.exe
  C:\Windows\System\ahCKAtZ.exe
  2⤵
  PID:5744
- C:\Windows\System\xzJcSuZ.exe
  C:\Windows\System\xzJcSuZ.exe
  2⤵
  PID:5808
- C:\Windows\System\QZTsRBs.exe
  C:\Windows\System\QZTsRBs.exe
  2⤵
  PID:5900
- C:\Windows\System\IrxLZvo.exe
  C:\Windows\System\IrxLZvo.exe
  2⤵
  PID:5856
- C:\Windows\System\VGzNPkr.exe
  C:\Windows\System\VGzNPkr.exe
  2⤵
  PID:5964
- C:\Windows\System\izsLQNw.exe
  C:\Windows\System\izsLQNw.exe
  2⤵
  PID:5952
- C:\Windows\System\SFHpxtY.exe
  C:\Windows\System\SFHpxtY.exe
  2⤵
  PID:6036
- C:\Windows\System\QpnkYnr.exe
  C:\Windows\System\QpnkYnr.exe
  2⤵
  PID:6104
- C:\Windows\System\QOmGYId.exe
  C:\Windows\System\QOmGYId.exe
  2⤵
  PID:6108
- C:\Windows\System\gGwvLzW.exe
  C:\Windows\System\gGwvLzW.exe
  2⤵
  PID:6020
- C:\Windows\System\HKySmXR.exe
  C:\Windows\System\HKySmXR.exe
  2⤵
  PID:4860
- C:\Windows\System\AxQliqu.exe
  C:\Windows\System\AxQliqu.exe
  2⤵
  PID:5160
- C:\Windows\System\osmJyCI.exe
  C:\Windows\System\osmJyCI.exe
  2⤵
  PID:6124
- C:\Windows\System\izxJmla.exe
  C:\Windows\System\izxJmla.exe
  2⤵
  PID:5264
- C:\Windows\System\jAvKRBk.exe
  C:\Windows\System\jAvKRBk.exe
  2⤵
  PID:5352
- C:\Windows\System\onjfVXa.exe
  C:\Windows\System\onjfVXa.exe
  2⤵
  PID:5412
- C:\Windows\System\zbULBcr.exe
  C:\Windows\System\zbULBcr.exe
  2⤵
  PID:5144
- C:\Windows\System\wfbtrvG.exe
  C:\Windows\System\wfbtrvG.exe
  2⤵
  PID:5280
- C:\Windows\System\rsVmtsw.exe
  C:\Windows\System\rsVmtsw.exe
  2⤵
  PID:5336
- C:\Windows\System\TJbJoON.exe
  C:\Windows\System\TJbJoON.exe
  2⤵
  PID:5420
- C:\Windows\System\giFTwKd.exe
  C:\Windows\System\giFTwKd.exe
  2⤵
  PID:5632
- C:\Windows\System\oMEqVln.exe
  C:\Windows\System\oMEqVln.exe
  2⤵
  PID:5696
- C:\Windows\System\ORrvOlx.exe
  C:\Windows\System\ORrvOlx.exe
  2⤵
  PID:5840
- C:\Windows\System\dmtlXCM.exe
  C:\Windows\System\dmtlXCM.exe
  2⤵
  PID:5888
- C:\Windows\System\LOIUWGp.exe
  C:\Windows\System\LOIUWGp.exe
  2⤵
  PID:5884
- C:\Windows\System\BWbHaBD.exe
  C:\Windows\System\BWbHaBD.exe
  2⤵
  PID:6056
- C:\Windows\System\UfPQfxq.exe
  C:\Windows\System\UfPQfxq.exe
  2⤵
  PID:5260
- C:\Windows\System\VNsBcCI.exe
  C:\Windows\System\VNsBcCI.exe
  2⤵
  PID:6088
- C:\Windows\System\GZyLrpJ.exe
  C:\Windows\System\GZyLrpJ.exe
  2⤵
  PID:5984
- C:\Windows\System\fXjGznO.exe
  C:\Windows\System\fXjGznO.exe
  2⤵
  PID:6092
- C:\Windows\System\RHgfQkR.exe
  C:\Windows\System\RHgfQkR.exe
  2⤵
  PID:5348
- C:\Windows\System\iqXhMqb.exe
  C:\Windows\System\iqXhMqb.exe
  2⤵
  PID:5620
- C:\Windows\System\KYKZgtG.exe
  C:\Windows\System\KYKZgtG.exe
  2⤵
  PID:5820
- C:\Windows\System\kxhWEEm.exe
  C:\Windows\System\kxhWEEm.exe
  2⤵
  PID:5680
- C:\Windows\System\WuFppkH.exe
  C:\Windows\System\WuFppkH.exe
  2⤵
  PID:5776
- C:\Windows\System\qFaSbfM.exe
  C:\Windows\System\qFaSbfM.exe
  2⤵
  PID:5132
- C:\Windows\System\XaZGtNQ.exe
  C:\Windows\System\XaZGtNQ.exe
  2⤵
  PID:5380
- C:\Windows\System\pNsAxKj.exe
  C:\Windows\System\pNsAxKj.exe
  2⤵
  PID:5196
- C:\Windows\System\mfpVJHT.exe
  C:\Windows\System\mfpVJHT.exe
  2⤵
  PID:5300
- C:\Windows\System\VWlzNnJ.exe
  C:\Windows\System\VWlzNnJ.exe
  2⤵
  PID:5592
- C:\Windows\System\NSHmCfV.exe
  C:\Windows\System\NSHmCfV.exe
  2⤵
  PID:5648
- C:\Windows\System\TBhPKjL.exe
  C:\Windows\System\TBhPKjL.exe
  2⤵
  PID:5636
- C:\Windows\System\mUuEuia.exe
  C:\Windows\System\mUuEuia.exe
  2⤵
  PID:5740
- C:\Windows\System\NoOfrNs.exe
  C:\Windows\System\NoOfrNs.exe
  2⤵
  PID:5948
- C:\Windows\System\nDdrMqC.exe
  C:\Windows\System\nDdrMqC.exe
  2⤵
  PID:5980
- C:\Windows\System\hksrudM.exe
  C:\Windows\System\hksrudM.exe
  2⤵
  PID:5248
- C:\Windows\System\wIDqzMo.exe
  C:\Windows\System\wIDqzMo.exe
  2⤵
  PID:5668
- C:\Windows\System\KraRZxN.exe
  C:\Windows\System\KraRZxN.exe
  2⤵
  PID:5920
- C:\Windows\System\cauKLYq.exe
  C:\Windows\System\cauKLYq.exe
  2⤵
  PID:6156
- C:\Windows\System\pZqtnRF.exe
  C:\Windows\System\pZqtnRF.exe
  2⤵
  PID:6172
- C:\Windows\System\Bpeuabe.exe
  C:\Windows\System\Bpeuabe.exe
  2⤵
  PID:6188
- C:\Windows\System\NkezPzy.exe
  C:\Windows\System\NkezPzy.exe
  2⤵
  PID:6204
- C:\Windows\System\YBSqZKJ.exe
  C:\Windows\System\YBSqZKJ.exe
  2⤵
  PID:6220
- C:\Windows\System\SUgtyEF.exe
  C:\Windows\System\SUgtyEF.exe
  2⤵
  PID:6236
- C:\Windows\System\LjfAgvu.exe
  C:\Windows\System\LjfAgvu.exe
  2⤵
  PID:6252
- C:\Windows\System\ImQTGBD.exe
  C:\Windows\System\ImQTGBD.exe
  2⤵
  PID:6268
- C:\Windows\System\nCShYFd.exe
  C:\Windows\System\nCShYFd.exe
  2⤵
  PID:6284
- C:\Windows\System\yAKxFqU.exe
  C:\Windows\System\yAKxFqU.exe
  2⤵
  PID:6300
- C:\Windows\System\xbtiWMs.exe
  C:\Windows\System\xbtiWMs.exe
  2⤵
  PID:6332
- C:\Windows\System\SQNHOtk.exe
  C:\Windows\System\SQNHOtk.exe
  2⤵
  PID:6348
- C:\Windows\System\ZFRLyKi.exe
  C:\Windows\System\ZFRLyKi.exe
  2⤵
  PID:6364
- C:\Windows\System\uSeMrWv.exe
  C:\Windows\System\uSeMrWv.exe
  2⤵
  PID:6392
- C:\Windows\System\CkuBTsG.exe
  C:\Windows\System\CkuBTsG.exe
  2⤵
  PID:6408
- C:\Windows\System\sZKHJYK.exe
  C:\Windows\System\sZKHJYK.exe
  2⤵
  PID:6424
- C:\Windows\System\IbMOIdg.exe
  C:\Windows\System\IbMOIdg.exe
  2⤵
  PID:6440
- C:\Windows\System\VmXrZCP.exe
  C:\Windows\System\VmXrZCP.exe
  2⤵
  PID:6456
- C:\Windows\System\nCxIrvw.exe
  C:\Windows\System\nCxIrvw.exe
  2⤵
  PID:6480
- C:\Windows\System\FqsbTOT.exe
  C:\Windows\System\FqsbTOT.exe
  2⤵
  PID:6508
- C:\Windows\System\XhGpLST.exe
  C:\Windows\System\XhGpLST.exe
  2⤵
  PID:6524
- C:\Windows\System\mdqvqRa.exe
  C:\Windows\System\mdqvqRa.exe
  2⤵
  PID:6604
- C:\Windows\System\SzivHsl.exe
  C:\Windows\System\SzivHsl.exe
  2⤵
  PID:6624
- C:\Windows\System\KHyVMTW.exe
  C:\Windows\System\KHyVMTW.exe
  2⤵
  PID:6640
- C:\Windows\System\xGbxhDS.exe
  C:\Windows\System\xGbxhDS.exe
  2⤵
  PID:6656
- C:\Windows\System\SqMOzzm.exe
  C:\Windows\System\SqMOzzm.exe
  2⤵
  PID:6672
- C:\Windows\System\jnLPecM.exe
  C:\Windows\System\jnLPecM.exe
  2⤵
  PID:6692
- C:\Windows\System\LnOXMpa.exe
  C:\Windows\System\LnOXMpa.exe
  2⤵
  PID:6708
- C:\Windows\System\rFMkoOb.exe
  C:\Windows\System\rFMkoOb.exe
  2⤵
  PID:6724
- C:\Windows\System\GWVCpPZ.exe
  C:\Windows\System\GWVCpPZ.exe
  2⤵
  PID:6740
- C:\Windows\System\TcGZdvJ.exe
  C:\Windows\System\TcGZdvJ.exe
  2⤵
  PID:6756
- C:\Windows\System\pfeLZwE.exe
  C:\Windows\System\pfeLZwE.exe
  2⤵
  PID:6772
- C:\Windows\System\gWUKzdT.exe
  C:\Windows\System\gWUKzdT.exe
  2⤵
  PID:6788
- C:\Windows\System\IZdamNz.exe
  C:\Windows\System\IZdamNz.exe
  2⤵
  PID:6804
- C:\Windows\System\AzFHrUs.exe
  C:\Windows\System\AzFHrUs.exe
  2⤵
  PID:6820
- C:\Windows\System\qYYzXho.exe
  C:\Windows\System\qYYzXho.exe
  2⤵
  PID:6836
- C:\Windows\System\SJYuaUN.exe
  C:\Windows\System\SJYuaUN.exe
  2⤵
  PID:6852
- C:\Windows\System\VXgKWbN.exe
  C:\Windows\System\VXgKWbN.exe
  2⤵
  PID:6868
- C:\Windows\System\JLsYFpT.exe
  C:\Windows\System\JLsYFpT.exe
  2⤵
  PID:6884
- C:\Windows\System\tYRrmbW.exe
  C:\Windows\System\tYRrmbW.exe
  2⤵
  PID:6900
- C:\Windows\System\UtlDlTp.exe
  C:\Windows\System\UtlDlTp.exe
  2⤵
  PID:6916
- C:\Windows\System\irjrwPi.exe
  C:\Windows\System\irjrwPi.exe
  2⤵
  PID:6932
- C:\Windows\System\RMyyHQN.exe
  C:\Windows\System\RMyyHQN.exe
  2⤵
  PID:6948
- C:\Windows\System\CkhDCyN.exe
  C:\Windows\System\CkhDCyN.exe
  2⤵
  PID:6964
- C:\Windows\System\CzabpyU.exe
  C:\Windows\System\CzabpyU.exe
  2⤵
  PID:6980
- C:\Windows\System\jlnzdFM.exe
  C:\Windows\System\jlnzdFM.exe
  2⤵
  PID:6996
- C:\Windows\System\rnNloGq.exe
  C:\Windows\System\rnNloGq.exe
  2⤵
  PID:7020
- C:\Windows\System\VDQPcVa.exe
  C:\Windows\System\VDQPcVa.exe
  2⤵
  PID:7052
- C:\Windows\System\klQCEpl.exe
  C:\Windows\System\klQCEpl.exe
  2⤵
  PID:7068
- C:\Windows\System\vruXrjp.exe
  C:\Windows\System\vruXrjp.exe
  2⤵
  PID:7084
- C:\Windows\System\YktFKUv.exe
  C:\Windows\System\YktFKUv.exe
  2⤵
  PID:7104
- C:\Windows\System\pNrBDsN.exe
  C:\Windows\System\pNrBDsN.exe
  2⤵
  PID:7120
- C:\Windows\System\vqXunWU.exe
  C:\Windows\System\vqXunWU.exe
  2⤵
  PID:7136
- C:\Windows\System\NDvaEPa.exe
  C:\Windows\System\NDvaEPa.exe
  2⤵
  PID:7152
- C:\Windows\System\VsjgPLR.exe
  C:\Windows\System\VsjgPLR.exe
  2⤵
  PID:5684
- C:\Windows\System\EskHxfN.exe
  C:\Windows\System\EskHxfN.exe
  2⤵
  PID:1972
- C:\Windows\System\AbSXVAt.exe
  C:\Windows\System\AbSXVAt.exe
  2⤵
  PID:5616
- C:\Windows\System\KODqHdZ.exe
  C:\Windows\System\KODqHdZ.exe
  2⤵
  PID:6184
- C:\Windows\System\KQkLrZa.exe
  C:\Windows\System\KQkLrZa.exe
  2⤵
  PID:6404
- C:\Windows\System\TWzOUMo.exe
  C:\Windows\System\TWzOUMo.exe
  2⤵
  PID:6488
- C:\Windows\System\iPwMCvr.exe
  C:\Windows\System\iPwMCvr.exe
  2⤵
  PID:6536
- C:\Windows\System\XIXyAGi.exe
  C:\Windows\System\XIXyAGi.exe
  2⤵
  PID:5852
- C:\Windows\System\FActBEb.exe
  C:\Windows\System\FActBEb.exe
  2⤵
  PID:6556
- C:\Windows\System\JrsZsZr.exe
  C:\Windows\System\JrsZsZr.exe
  2⤵
  PID:6576
- C:\Windows\System\wnijdxH.exe
  C:\Windows\System\wnijdxH.exe
  2⤵
  PID:6596
- C:\Windows\System\IeUrqPE.exe
  C:\Windows\System\IeUrqPE.exe
  2⤵
  PID:6616
- C:\Windows\System\wpxrbOu.exe
  C:\Windows\System\wpxrbOu.exe
  2⤵
  PID:6652
- C:\Windows\System\xPFYbss.exe
  C:\Windows\System\xPFYbss.exe
  2⤵
  PID:6716
- C:\Windows\System\lGUmakU.exe
  C:\Windows\System\lGUmakU.exe
  2⤵
  PID:6764
- C:\Windows\System\IHUjxHM.exe
  C:\Windows\System\IHUjxHM.exe
  2⤵
  PID:6796
- C:\Windows\System\cYPvnDd.exe
  C:\Windows\System\cYPvnDd.exe
  2⤵
  PID:6828
- C:\Windows\System\MBdHOfS.exe
  C:\Windows\System\MBdHOfS.exe
  2⤵
  PID:6864
- C:\Windows\System\NtdrpNL.exe
  C:\Windows\System\NtdrpNL.exe
  2⤵
  PID:6880
- C:\Windows\System\pbXIsGd.exe
  C:\Windows\System\pbXIsGd.exe
  2⤵
  PID:6940
- C:\Windows\System\WpUJysg.exe
  C:\Windows\System\WpUJysg.exe
  2⤵
  PID:7004
- C:\Windows\System\SdsTQBR.exe
  C:\Windows\System\SdsTQBR.exe
  2⤵
  PID:6928
- C:\Windows\System\SmtYAlm.exe
  C:\Windows\System\SmtYAlm.exe
  2⤵
  PID:6992
- C:\Windows\System\gfNtELs.exe
  C:\Windows\System\gfNtELs.exe
  2⤵
  PID:7040
- C:\Windows\System\pgADEQK.exe
  C:\Windows\System\pgADEQK.exe
  2⤵
  PID:7076
- C:\Windows\System\ljmFYSs.exe
  C:\Windows\System\ljmFYSs.exe
  2⤵
  PID:7144
- C:\Windows\System\FqVAENk.exe
  C:\Windows\System\FqVAENk.exe
  2⤵
  PID:6164
- C:\Windows\System\GUPVlFX.exe
  C:\Windows\System\GUPVlFX.exe
  2⤵
  PID:6168
- C:\Windows\System\rCQoOVn.exe
  C:\Windows\System\rCQoOVn.exe
  2⤵
  PID:7132
- C:\Windows\System\dzPNOFO.exe
  C:\Windows\System\dzPNOFO.exe
  2⤵
  PID:7064
- C:\Windows\System\GzfRJiL.exe
  C:\Windows\System\GzfRJiL.exe
  2⤵
  PID:6260
- C:\Windows\System\ymiHiUP.exe
  C:\Windows\System\ymiHiUP.exe
  2⤵
  PID:6344
- C:\Windows\System\oaYvGbD.exe
  C:\Windows\System\oaYvGbD.exe
  2⤵
  PID:6276
- C:\Windows\System\hZyriMT.exe
  C:\Windows\System\hZyriMT.exe
  2⤵
  PID:6320
- C:\Windows\System\FdvSeyJ.exe
  C:\Windows\System\FdvSeyJ.exe
  2⤵
  PID:6308
- C:\Windows\System\ioDzSmU.exe
  C:\Windows\System\ioDzSmU.exe
  2⤵
  PID:6376
- C:\Windows\System\kbitUou.exe
  C:\Windows\System\kbitUou.exe
  2⤵
  PID:6356
- C:\Windows\System\ArmQRTq.exe
  C:\Windows\System\ArmQRTq.exe
  2⤵
  PID:6360
- C:\Windows\System\aZboswV.exe
  C:\Windows\System\aZboswV.exe
  2⤵
  PID:5988
- C:\Windows\System\KAaZmqr.exe
  C:\Windows\System\KAaZmqr.exe
  2⤵
  PID:6432
- C:\Windows\System\WiQclVP.exe
  C:\Windows\System\WiQclVP.exe
  2⤵
  PID:6504
- C:\Windows\System\KVjcOPN.exe
  C:\Windows\System\KVjcOPN.exe
  2⤵
  PID:6572
- C:\Windows\System\faEwwqc.exe
  C:\Windows\System\faEwwqc.exe
  2⤵
  PID:6688
- C:\Windows\System\PdSlxfu.exe
  C:\Windows\System\PdSlxfu.exe
  2⤵
  PID:6720
- C:\Windows\System\uhqQrNg.exe
  C:\Windows\System\uhqQrNg.exe
  2⤵
  PID:6588
- C:\Windows\System\uPBYJoc.exe
  C:\Windows\System\uPBYJoc.exe
  2⤵
  PID:6600
- C:\Windows\System\EnNRKtP.exe
  C:\Windows\System\EnNRKtP.exe
  2⤵
  PID:6848
- C:\Windows\System\CKtyqXG.exe
  C:\Windows\System\CKtyqXG.exe
  2⤵
  PID:6972
- C:\Windows\System\dbJMVFa.exe
  C:\Windows\System\dbJMVFa.exe
  2⤵
  PID:7036
- C:\Windows\System\hzqpvFr.exe
  C:\Windows\System\hzqpvFr.exe
  2⤵
  PID:7116
- C:\Windows\System\PcdhwMx.exe
  C:\Windows\System\PcdhwMx.exe
  2⤵
  PID:7096
- C:\Windows\System\ajqFlhJ.exe
  C:\Windows\System\ajqFlhJ.exe
  2⤵
  PID:6292
- C:\Windows\System\TdOMgxy.exe
  C:\Windows\System\TdOMgxy.exe
  2⤵
  PID:7164
- C:\Windows\System\eQsvhtL.exe
  C:\Windows\System\eQsvhtL.exe
  2⤵
  PID:6296
- C:\Windows\System\HkyXIGu.exe
  C:\Windows\System\HkyXIGu.exe
  2⤵
  PID:6436
- C:\Windows\System\LUthExW.exe
  C:\Windows\System\LUthExW.exe
  2⤵
  PID:6416
- C:\Windows\System\DQdzQsx.exe
  C:\Windows\System\DQdzQsx.exe
  2⤵
  PID:6704
- C:\Windows\System\tLbFeGU.exe
  C:\Windows\System\tLbFeGU.exe
  2⤵
  PID:7112
- C:\Windows\System\MXcytZi.exe
  C:\Windows\System\MXcytZi.exe
  2⤵
  PID:6216
- C:\Windows\System\EIKyHeZ.exe
  C:\Windows\System\EIKyHeZ.exe
  2⤵
  PID:6924
- C:\Windows\System\hGnVECh.exe
  C:\Windows\System\hGnVECh.exe
  2⤵
  PID:5596
- C:\Windows\System\ROEyEFz.exe
  C:\Windows\System\ROEyEFz.exe
  2⤵
  PID:6452
- C:\Windows\System\rjGHcho.exe
  C:\Windows\System\rjGHcho.exe
  2⤵
  PID:6380
- C:\Windows\System\ZEXddzR.exe
  C:\Windows\System\ZEXddzR.exe
  2⤵
  PID:6832
- C:\Windows\System\yyEqGOk.exe
  C:\Windows\System\yyEqGOk.exe
  2⤵
  PID:6548
- C:\Windows\System\PRJjMtQ.exe
  C:\Windows\System\PRJjMtQ.exe
  2⤵
  PID:6552
- C:\Windows\System\grnngdq.exe
  C:\Windows\System\grnngdq.exe
  2⤵
  PID:7012
- C:\Windows\System\nEfvdXV.exe
  C:\Windows\System\nEfvdXV.exe
  2⤵
  PID:6464
- C:\Windows\System\TsPzCxe.exe
  C:\Windows\System\TsPzCxe.exe
  2⤵
  PID:6476
- C:\Windows\System\qMzJGnV.exe
  C:\Windows\System\qMzJGnV.exe
  2⤵
  PID:5804
- C:\Windows\System\ujrOjey.exe
  C:\Windows\System\ujrOjey.exe
  2⤵
  PID:7172
- C:\Windows\System\hNHwIMk.exe
  C:\Windows\System\hNHwIMk.exe
  2⤵
  PID:7188
- C:\Windows\System\pTQXfXU.exe
  C:\Windows\System\pTQXfXU.exe
  2⤵
  PID:7204
- C:\Windows\System\VMrXEKs.exe
  C:\Windows\System\VMrXEKs.exe
  2⤵
  PID:7220
- C:\Windows\System\KquSKdc.exe
  C:\Windows\System\KquSKdc.exe
  2⤵
  PID:7236
- C:\Windows\System\hVkstdf.exe
  C:\Windows\System\hVkstdf.exe
  2⤵
  PID:7252
- C:\Windows\System\ExlxOGy.exe
  C:\Windows\System\ExlxOGy.exe
  2⤵
  PID:7268
- C:\Windows\System\zAbEANC.exe
  C:\Windows\System\zAbEANC.exe
  2⤵
  PID:7284
- C:\Windows\System\tyreWfW.exe
  C:\Windows\System\tyreWfW.exe
  2⤵
  PID:7300
- C:\Windows\System\JtyJmrb.exe
  C:\Windows\System\JtyJmrb.exe
  2⤵
  PID:7316
- C:\Windows\System\ceDEWzx.exe
  C:\Windows\System\ceDEWzx.exe
  2⤵
  PID:7332
- C:\Windows\System\svaIFmF.exe
  C:\Windows\System\svaIFmF.exe
  2⤵
  PID:7348
- C:\Windows\System\BmWkyXq.exe
  C:\Windows\System\BmWkyXq.exe
  2⤵
  PID:7364
- C:\Windows\System\OXnikpP.exe
  C:\Windows\System\OXnikpP.exe
  2⤵
  PID:7380
- C:\Windows\System\Ymghxuv.exe
  C:\Windows\System\Ymghxuv.exe
  2⤵
  PID:7400
- C:\Windows\System\dQntLQH.exe
  C:\Windows\System\dQntLQH.exe
  2⤵
  PID:7424
- C:\Windows\System\qfOfQVy.exe
  C:\Windows\System\qfOfQVy.exe
  2⤵
  PID:7444
- C:\Windows\System\GbBHjmd.exe
  C:\Windows\System\GbBHjmd.exe
  2⤵
  PID:7480
- C:\Windows\System\CWmQCTX.exe
  C:\Windows\System\CWmQCTX.exe
  2⤵
  PID:7496
- C:\Windows\System\rqHkVxh.exe
  C:\Windows\System\rqHkVxh.exe
  2⤵
  PID:7516
- C:\Windows\System\kbJZNFp.exe
  C:\Windows\System\kbJZNFp.exe
  2⤵
  PID:7532
- C:\Windows\System\ijedpLA.exe
  C:\Windows\System\ijedpLA.exe
  2⤵
  PID:7552
- C:\Windows\System\uaNEQeZ.exe
  C:\Windows\System\uaNEQeZ.exe
  2⤵
  PID:7568
- C:\Windows\System\exxNsof.exe
  C:\Windows\System\exxNsof.exe
  2⤵
  PID:7604
- C:\Windows\System\QVoihDu.exe
  C:\Windows\System\QVoihDu.exe
  2⤵
  PID:7620
- C:\Windows\System\bQWgQkU.exe
  C:\Windows\System\bQWgQkU.exe
  2⤵
  PID:7636
- C:\Windows\System\MrMegmm.exe
  C:\Windows\System\MrMegmm.exe
  2⤵
  PID:7656
- C:\Windows\System\JCsOxyA.exe
  C:\Windows\System\JCsOxyA.exe
  2⤵
  PID:7672
- C:\Windows\System\rZyJHlA.exe
  C:\Windows\System\rZyJHlA.exe
  2⤵
  PID:7688
- C:\Windows\System\djNQGyi.exe
  C:\Windows\System\djNQGyi.exe
  2⤵
  PID:7704
- C:\Windows\System\czOrMUu.exe
  C:\Windows\System\czOrMUu.exe
  2⤵
  PID:7720
- C:\Windows\System\jZmkKmk.exe
  C:\Windows\System\jZmkKmk.exe
  2⤵
  PID:7736
- C:\Windows\System\JhYAiga.exe
  C:\Windows\System\JhYAiga.exe
  2⤵
  PID:7752
- C:\Windows\System\Cepstrh.exe
  C:\Windows\System\Cepstrh.exe
  2⤵
  PID:7780
- C:\Windows\System\rBapVDS.exe
  C:\Windows\System\rBapVDS.exe
  2⤵
  PID:7796
- C:\Windows\System\oPEatHC.exe
  C:\Windows\System\oPEatHC.exe
  2⤵
  PID:7812
- C:\Windows\System\pnzpqOb.exe
  C:\Windows\System\pnzpqOb.exe
  2⤵
  PID:7828
- C:\Windows\System\jqCvIAO.exe
  C:\Windows\System\jqCvIAO.exe
  2⤵
  PID:7844
- C:\Windows\System\naxVZAb.exe
  C:\Windows\System\naxVZAb.exe
  2⤵
  PID:7860
- C:\Windows\System\JxYHkfp.exe
  C:\Windows\System\JxYHkfp.exe
  2⤵
  PID:7876
- C:\Windows\System\XdzaVTd.exe
  C:\Windows\System\XdzaVTd.exe
  2⤵
  PID:7892
- C:\Windows\System\YAXnIMu.exe
  C:\Windows\System\YAXnIMu.exe
  2⤵
  PID:7908
- C:\Windows\System\UUQvIlb.exe
  C:\Windows\System\UUQvIlb.exe
  2⤵
  PID:7928
- C:\Windows\System\ZhRIjVM.exe
  C:\Windows\System\ZhRIjVM.exe
  2⤵
  PID:7948
- C:\Windows\System\Uegdrdb.exe
  C:\Windows\System\Uegdrdb.exe
  2⤵
  PID:7964
- C:\Windows\System\wEgaHSi.exe
  C:\Windows\System\wEgaHSi.exe
  2⤵
  PID:7980
- C:\Windows\System\EanOwHT.exe
  C:\Windows\System\EanOwHT.exe
  2⤵
  PID:7996
- C:\Windows\System\rOmHvRG.exe
  C:\Windows\System\rOmHvRG.exe
  2⤵
  PID:8012
- C:\Windows\System\nQQMxPy.exe
  C:\Windows\System\nQQMxPy.exe
  2⤵
  PID:8028
- C:\Windows\System\LVAXGyW.exe
  C:\Windows\System\LVAXGyW.exe
  2⤵
  PID:8044
- C:\Windows\System\hncSsNE.exe
  C:\Windows\System\hncSsNE.exe
  2⤵
  PID:8060
- C:\Windows\System\UTzYugJ.exe
  C:\Windows\System\UTzYugJ.exe
  2⤵
  PID:8080
- C:\Windows\System\JDYciMv.exe
  C:\Windows\System\JDYciMv.exe
  2⤵
  PID:8096
- C:\Windows\System\KJFbjla.exe
  C:\Windows\System\KJFbjla.exe
  2⤵
  PID:8112
- C:\Windows\System\GoSeZhf.exe
  C:\Windows\System\GoSeZhf.exe
  2⤵
  PID:8132
- C:\Windows\System\TNfCQCO.exe
  C:\Windows\System\TNfCQCO.exe
  2⤵
  PID:8148
- C:\Windows\System\YWKsLlC.exe
  C:\Windows\System\YWKsLlC.exe
  2⤵
  PID:8164
- C:\Windows\System\aJMggbT.exe
  C:\Windows\System\aJMggbT.exe
  2⤵
  PID:8180
- C:\Windows\System\NSAHEIw.exe
  C:\Windows\System\NSAHEIw.exe
  2⤵
  PID:6908
- C:\Windows\System\yafkhwq.exe
  C:\Windows\System\yafkhwq.exe
  2⤵
  PID:7160
- C:\Windows\System\HPsabaE.exe
  C:\Windows\System\HPsabaE.exe
  2⤵
  PID:7228
- C:\Windows\System\PZvSKAq.exe
  C:\Windows\System\PZvSKAq.exe
  2⤵
  PID:7264
- C:\Windows\System\sALkLGQ.exe
  C:\Windows\System\sALkLGQ.exe
  2⤵
  PID:7328
- C:\Windows\System\kZeiLVz.exe
  C:\Windows\System\kZeiLVz.exe
  2⤵
  PID:6896
- C:\Windows\System\JuEJSeZ.exe
  C:\Windows\System\JuEJSeZ.exe
  2⤵
  PID:7312
- C:\Windows\System\QRYUSUJ.exe
  C:\Windows\System\QRYUSUJ.exe
  2⤵
  PID:7308
- C:\Windows\System\bTPjdrG.exe
  C:\Windows\System\bTPjdrG.exe
  2⤵
  PID:7216
- C:\Windows\System\MAvxrVb.exe
  C:\Windows\System\MAvxrVb.exe
  2⤵
  PID:7360
- C:\Windows\System\DaoUspj.exe
  C:\Windows\System\DaoUspj.exe
  2⤵
  PID:7396
- C:\Windows\System\oRoTciM.exe
  C:\Windows\System\oRoTciM.exe
  2⤵
  PID:7420
- C:\Windows\System\Lcizbzs.exe
  C:\Windows\System\Lcizbzs.exe
  2⤵
  PID:7452
- C:\Windows\System\vKcmRRy.exe
  C:\Windows\System\vKcmRRy.exe
  2⤵
  PID:7468
- C:\Windows\System\idzifgU.exe
  C:\Windows\System\idzifgU.exe
  2⤵
  PID:7492
- C:\Windows\System\CbAYkhY.exe
  C:\Windows\System\CbAYkhY.exe
  2⤵
  PID:7524
- C:\Windows\System\uOXQqDu.exe
  C:\Windows\System\uOXQqDu.exe
  2⤵
  PID:7580
- C:\Windows\System\QRWtlrb.exe
  C:\Windows\System\QRWtlrb.exe
  2⤵
  PID:7576
- C:\Windows\System\YwjkfeX.exe
  C:\Windows\System\YwjkfeX.exe
  2⤵
  PID:7600
- C:\Windows\System\lNXGscz.exe
  C:\Windows\System\lNXGscz.exe
  2⤵
  PID:7668
- C:\Windows\System\tzmGiFx.exe
  C:\Windows\System\tzmGiFx.exe
  2⤵
  PID:7648
- C:\Windows\System\lFxNlfW.exe
  C:\Windows\System\lFxNlfW.exe
  2⤵
  PID:7728
- C:\Windows\System\qXMGrDg.exe
  C:\Windows\System\qXMGrDg.exe
  2⤵
  PID:7772
- C:\Windows\System\IbmxbeJ.exe
  C:\Windows\System\IbmxbeJ.exe
  2⤵
  PID:7712
- C:\Windows\System\VmPHFqB.exe
  C:\Windows\System\VmPHFqB.exe
  2⤵
  PID:7764
- C:\Windows\System\IcCDwbq.exe
  C:\Windows\System\IcCDwbq.exe
  2⤵
  PID:7792
- C:\Windows\System\hWEpuYj.exe
  C:\Windows\System\hWEpuYj.exe
  2⤵
  PID:7872
- C:\Windows\System\IPlgRGx.exe
  C:\Windows\System\IPlgRGx.exe
  2⤵
  PID:7884
- C:\Windows\System\dJKVggP.exe
  C:\Windows\System\dJKVggP.exe
  2⤵
  PID:7888
- C:\Windows\System\GxuFjCp.exe
  C:\Windows\System\GxuFjCp.exe
  2⤵
  PID:7852
- C:\Windows\System\DfvsHaU.exe
  C:\Windows\System\DfvsHaU.exe
  2⤵
  PID:7976
- C:\Windows\System\TJIppVb.exe
  C:\Windows\System\TJIppVb.exe
  2⤵
  PID:8040
- C:\Windows\System\SOYkGQf.exe
  C:\Windows\System\SOYkGQf.exe
  2⤵
  PID:8068
- C:\Windows\System\MiqaAff.exe
  C:\Windows\System\MiqaAff.exe
  2⤵
  PID:7992
- C:\Windows\System\bvZXwLM.exe
  C:\Windows\System\bvZXwLM.exe
  2⤵
  PID:8092
- C:\Windows\System\ZlmzSdW.exe
  C:\Windows\System\ZlmzSdW.exe
  2⤵
  PID:8140
- C:\Windows\System\xHbePXe.exe
  C:\Windows\System\xHbePXe.exe
  2⤵
  PID:6988
- C:\Windows\System\osVWMYv.exe
  C:\Windows\System\osVWMYv.exe
  2⤵
  PID:8124
- C:\Windows\System\BARhCpO.exe
  C:\Windows\System\BARhCpO.exe
  2⤵
  PID:8128
- C:\Windows\System\KMcIfKq.exe
  C:\Windows\System\KMcIfKq.exe
  2⤵
  PID:7196
- C:\Windows\System\GWOFlMH.exe
  C:\Windows\System\GWOFlMH.exe
  2⤵
  PID:7028
- C:\Windows\System\htzQPQB.exe
  C:\Windows\System\htzQPQB.exe
  2⤵
  PID:7184
- C:\Windows\System\YeBkkmq.exe
  C:\Windows\System\YeBkkmq.exe
  2⤵
  PID:7248
- C:\Windows\System\JtCXTJP.exe
  C:\Windows\System\JtCXTJP.exe
  2⤵
  PID:7388
- C:\Windows\System\kbVEhwV.exe
  C:\Windows\System\kbVEhwV.exe
  2⤵
  PID:7464
- C:\Windows\System\uwDpjpL.exe
  C:\Windows\System\uwDpjpL.exe
  2⤵
  PID:7560
- C:\Windows\System\WfpvZim.exe
  C:\Windows\System\WfpvZim.exe
  2⤵
  PID:7628
- C:\Windows\System\hmOFzbG.exe
  C:\Windows\System\hmOFzbG.exe
  2⤵
  PID:7476
- C:\Windows\System\xfXsrQZ.exe
  C:\Windows\System\xfXsrQZ.exe
  2⤵
  PID:7588
- C:\Windows\System\VKIYwHT.exe
  C:\Windows\System\VKIYwHT.exe
  2⤵
  PID:7768
- C:\Windows\System\IljQSdW.exe
  C:\Windows\System\IljQSdW.exe
  2⤵
  PID:7840
- C:\Windows\System\YytmtLA.exe
  C:\Windows\System\YytmtLA.exe
  2⤵
  PID:7788
- C:\Windows\System\eTZWqfL.exe
  C:\Windows\System\eTZWqfL.exe
  2⤵
  PID:7936
- C:\Windows\System\rSoxZPy.exe
  C:\Windows\System\rSoxZPy.exe
  2⤵
  PID:7944
- C:\Windows\System\zMuJBVu.exe
  C:\Windows\System\zMuJBVu.exe
  2⤵
  PID:7960
- C:\Windows\System\wrYCOtp.exe
  C:\Windows\System\wrYCOtp.exe
  2⤵
  PID:8172
- C:\Windows\System\CjWhICJ.exe
  C:\Windows\System\CjWhICJ.exe
  2⤵
  PID:7232
- C:\Windows\System\gHQTgIR.exe
  C:\Windows\System\gHQTgIR.exe
  2⤵
  PID:7592
- C:\Windows\System\dtnZWve.exe
  C:\Windows\System\dtnZWve.exe
  2⤵
  PID:7412
- C:\Windows\System\gtjTvvh.exe
  C:\Windows\System\gtjTvvh.exe
  2⤵
  PID:7512
- C:\Windows\System\TZWvYyA.exe
  C:\Windows\System\TZWvYyA.exe
  2⤵
  PID:8108
- C:\Windows\System\AOChNWn.exe
  C:\Windows\System\AOChNWn.exe
  2⤵
  PID:6736
- C:\Windows\System\tiLqJTQ.exe
  C:\Windows\System\tiLqJTQ.exe
  2⤵
  PID:7820
- C:\Windows\System\GKKnuOs.exe
  C:\Windows\System\GKKnuOs.exe
  2⤵
  PID:7244
- C:\Windows\System\bbcSyKN.exe
  C:\Windows\System\bbcSyKN.exe
  2⤵
  PID:6496
- C:\Windows\System\OTqCoFv.exe
  C:\Windows\System\OTqCoFv.exe
  2⤵
  PID:8056
- C:\Windows\System\IOkcCOn.exe
  C:\Windows\System\IOkcCOn.exe
  2⤵
  PID:7324
- C:\Windows\System\ovaMYMd.exe
  C:\Windows\System\ovaMYMd.exe
  2⤵
  PID:8036
- C:\Windows\System\QgcizaC.exe
  C:\Windows\System\QgcizaC.exe
  2⤵
  PID:7508
- C:\Windows\System\hjdpxbq.exe
  C:\Windows\System\hjdpxbq.exe
  2⤵
  PID:7340
- C:\Windows\System\sZKZcUy.exe
  C:\Windows\System\sZKZcUy.exe
  2⤵
  PID:7548
- C:\Windows\System\WgmIbZe.exe
  C:\Windows\System\WgmIbZe.exe
  2⤵
  PID:7440
- C:\Windows\System\PhFyXGh.exe
  C:\Windows\System\PhFyXGh.exe
  2⤵
  PID:7644
- C:\Windows\System\AMErXhq.exe
  C:\Windows\System\AMErXhq.exe
  2⤵
  PID:7616
- C:\Windows\System\VAOhytz.exe
  C:\Windows\System\VAOhytz.exe
  2⤵
  PID:8208
- C:\Windows\System\OjrdDDV.exe
  C:\Windows\System\OjrdDDV.exe
  2⤵
  PID:8224
- C:\Windows\System\eHBdLLi.exe
  C:\Windows\System\eHBdLLi.exe
  2⤵
  PID:8240
- C:\Windows\System\NuhMqlu.exe
  C:\Windows\System\NuhMqlu.exe
  2⤵
  PID:8256
- C:\Windows\System\apBnrWQ.exe
  C:\Windows\System\apBnrWQ.exe
  2⤵
  PID:8272
- C:\Windows\System\gdkMtRx.exe
  C:\Windows\System\gdkMtRx.exe
  2⤵
  PID:8288
- C:\Windows\System\yUJXtyA.exe
  C:\Windows\System\yUJXtyA.exe
  2⤵
  PID:8304
- C:\Windows\System\deKTkBw.exe
  C:\Windows\System\deKTkBw.exe
  2⤵
  PID:8320
- C:\Windows\System\wEjyEoU.exe
  C:\Windows\System\wEjyEoU.exe
  2⤵
  PID:8336
- C:\Windows\System\CgtFQbb.exe
  C:\Windows\System\CgtFQbb.exe
  2⤵
  PID:8352
- C:\Windows\System\PbIQIpL.exe
  C:\Windows\System\PbIQIpL.exe
  2⤵
  PID:8368
- C:\Windows\System\gYKNYCf.exe
  C:\Windows\System\gYKNYCf.exe
  2⤵
  PID:8384
- C:\Windows\System\znTZAmF.exe
  C:\Windows\System\znTZAmF.exe
  2⤵
  PID:8400
- C:\Windows\System\emhJWEs.exe
  C:\Windows\System\emhJWEs.exe
  2⤵
  PID:8416
- C:\Windows\System\DvHJvVI.exe
  C:\Windows\System\DvHJvVI.exe
  2⤵
  PID:8432
- C:\Windows\System\ypJCVGW.exe
  C:\Windows\System\ypJCVGW.exe
  2⤵
  PID:8448
- C:\Windows\System\MDLbDTK.exe
  C:\Windows\System\MDLbDTK.exe
  2⤵
  PID:8464
- C:\Windows\System\UmHBuYA.exe
  C:\Windows\System\UmHBuYA.exe
  2⤵
  PID:8480
- C:\Windows\System\hkhLaAH.exe
  C:\Windows\System\hkhLaAH.exe
  2⤵
  PID:8496
- C:\Windows\System\TKiiGwo.exe
  C:\Windows\System\TKiiGwo.exe
  2⤵
  PID:8512
- C:\Windows\System\uoGLvXl.exe
  C:\Windows\System\uoGLvXl.exe
  2⤵
  PID:8528
- C:\Windows\System\YpzjHtW.exe
  C:\Windows\System\YpzjHtW.exe
  2⤵
  PID:8544
- C:\Windows\System\XubwVmU.exe
  C:\Windows\System\XubwVmU.exe
  2⤵
  PID:8560
- C:\Windows\System\bTxWkJa.exe
  C:\Windows\System\bTxWkJa.exe
  2⤵
  PID:8576
- C:\Windows\System\BGmAdJq.exe
  C:\Windows\System\BGmAdJq.exe
  2⤵
  PID:8592
- C:\Windows\System\kLyEWvv.exe
  C:\Windows\System\kLyEWvv.exe
  2⤵
  PID:8608
- C:\Windows\System\GCUiPHd.exe
  C:\Windows\System\GCUiPHd.exe
  2⤵
  PID:8632
- C:\Windows\System\zJWLJJy.exe
  C:\Windows\System\zJWLJJy.exe
  2⤵
  PID:8648
- C:\Windows\System\ITYzMER.exe
  C:\Windows\System\ITYzMER.exe
  2⤵
  PID:8664
- C:\Windows\System\fJhgiOt.exe
  C:\Windows\System\fJhgiOt.exe
  2⤵
  PID:8684
- C:\Windows\System\XgaTFEY.exe
  C:\Windows\System\XgaTFEY.exe
  2⤵
  PID:8700
- C:\Windows\System\PzjrfMw.exe
  C:\Windows\System\PzjrfMw.exe
  2⤵
  PID:8716
- C:\Windows\System\WTiWyKL.exe
  C:\Windows\System\WTiWyKL.exe
  2⤵
  PID:8732
- C:\Windows\System\iWceuKZ.exe
  C:\Windows\System\iWceuKZ.exe
  2⤵
  PID:8748
- C:\Windows\System\WAGrEKf.exe
  C:\Windows\System\WAGrEKf.exe
  2⤵
  PID:8764
- C:\Windows\System\mdReJnm.exe
  C:\Windows\System\mdReJnm.exe
  2⤵
  PID:8780
- C:\Windows\System\UkRIoDW.exe
  C:\Windows\System\UkRIoDW.exe
  2⤵
  PID:8796
- C:\Windows\System\zDWHVEM.exe
  C:\Windows\System\zDWHVEM.exe
  2⤵
  PID:8812
- C:\Windows\System\cwhkPvU.exe
  C:\Windows\System\cwhkPvU.exe
  2⤵
  PID:8828
- C:\Windows\System\CUBsMKK.exe
  C:\Windows\System\CUBsMKK.exe
  2⤵
  PID:8844
- C:\Windows\System\RCcBtNi.exe
  C:\Windows\System\RCcBtNi.exe
  2⤵
  PID:8860
- C:\Windows\System\OidsnTr.exe
  C:\Windows\System\OidsnTr.exe
  2⤵
  PID:8876
- C:\Windows\System\AjcVGUd.exe
  C:\Windows\System\AjcVGUd.exe
  2⤵
  PID:8892
- C:\Windows\System\EXspIGT.exe
  C:\Windows\System\EXspIGT.exe
  2⤵
  PID:8908
- C:\Windows\System\sIGLPld.exe
  C:\Windows\System\sIGLPld.exe
  2⤵
  PID:8924
- C:\Windows\System\MAhasCo.exe
  C:\Windows\System\MAhasCo.exe
  2⤵
  PID:8940
- C:\Windows\System\MpEWkbm.exe
  C:\Windows\System\MpEWkbm.exe
  2⤵
  PID:8956
- C:\Windows\System\DDGQsic.exe
  C:\Windows\System\DDGQsic.exe
  2⤵
  PID:8972
- C:\Windows\System\kwBgHqm.exe
  C:\Windows\System\kwBgHqm.exe
  2⤵
  PID:8988
- C:\Windows\System\DCMuAYQ.exe
  C:\Windows\System\DCMuAYQ.exe
  2⤵
  PID:9004
- C:\Windows\System\FKPJtRo.exe
  C:\Windows\System\FKPJtRo.exe
  2⤵
  PID:9020
- C:\Windows\System\zAICSBw.exe
  C:\Windows\System\zAICSBw.exe
  2⤵
  PID:9036
- C:\Windows\System\RdRtIHE.exe
  C:\Windows\System\RdRtIHE.exe
  2⤵
  PID:9052
- C:\Windows\System\jSeARKh.exe
  C:\Windows\System\jSeARKh.exe
  2⤵
  PID:9068
- C:\Windows\System\GabDVAH.exe
  C:\Windows\System\GabDVAH.exe
  2⤵
  PID:9084
- C:\Windows\System\pXiJmco.exe
  C:\Windows\System\pXiJmco.exe
  2⤵
  PID:9100
- C:\Windows\System\nqTcpyX.exe
  C:\Windows\System\nqTcpyX.exe
  2⤵
  PID:9116
- C:\Windows\System\MKgRKFE.exe
  C:\Windows\System\MKgRKFE.exe
  2⤵
  PID:9132
- C:\Windows\System\pfTocLK.exe
  C:\Windows\System\pfTocLK.exe
  2⤵
  PID:9148
- C:\Windows\System\TzCwSQz.exe
  C:\Windows\System\TzCwSQz.exe
  2⤵
  PID:9164
- C:\Windows\System\YABxDYD.exe
  C:\Windows\System\YABxDYD.exe
  2⤵
  PID:9180
- C:\Windows\System\sTVdVkZ.exe
  C:\Windows\System\sTVdVkZ.exe
  2⤵
  PID:9196
- C:\Windows\System\hESEFcd.exe
  C:\Windows\System\hESEFcd.exe
  2⤵
  PID:9212
- C:\Windows\System\fbbjWAE.exe
  C:\Windows\System\fbbjWAE.exe
  2⤵
  PID:8204
- C:\Windows\System\CjTwAxk.exe
  C:\Windows\System\CjTwAxk.exe
  2⤵
  PID:8268
- C:\Windows\System\mbZlzrg.exe
  C:\Windows\System\mbZlzrg.exe
  2⤵
  PID:8160
- C:\Windows\System\iGcNYgP.exe
  C:\Windows\System\iGcNYgP.exe
  2⤵
  PID:7684
- C:\Windows\System\xMQDCJE.exe
  C:\Windows\System\xMQDCJE.exe
  2⤵
  PID:8248
- C:\Windows\System\fQbJVOf.exe
  C:\Windows\System\fQbJVOf.exe
  2⤵
  PID:8332
- C:\Windows\System\ymIFUbV.exe
  C:\Windows\System\ymIFUbV.exe
  2⤵
  PID:8396
- C:\Windows\System\AvyspAr.exe
  C:\Windows\System\AvyspAr.exe
  2⤵
  PID:8380
- C:\Windows\System\BTvCtRM.exe
  C:\Windows\System\BTvCtRM.exe
  2⤵
  PID:8348
- C:\Windows\System\nCuixta.exe
  C:\Windows\System\nCuixta.exe
  2⤵
  PID:8444
- C:\Windows\System\hBHaEFx.exe
  C:\Windows\System\hBHaEFx.exe
  2⤵
  PID:8492
- C:\Windows\System\NfgCaAv.exe
  C:\Windows\System\NfgCaAv.exe
  2⤵
  PID:8556
- C:\Windows\System\BkCDvMx.exe
  C:\Windows\System\BkCDvMx.exe
  2⤵
  PID:8472
- C:\Windows\System\zrgNTTi.exe
  C:\Windows\System\zrgNTTi.exe
  2⤵
  PID:8604
- C:\Windows\System\xlYlvzS.exe
  C:\Windows\System\xlYlvzS.exe
  2⤵
  PID:8568
- C:\Windows\System\yiqtBbs.exe
  C:\Windows\System\yiqtBbs.exe
  2⤵
  PID:8640
- C:\Windows\System\oTCHhCd.exe
  C:\Windows\System\oTCHhCd.exe
  2⤵
  PID:8672
- C:\Windows\System\xJsogVC.exe
  C:\Windows\System\xJsogVC.exe
  2⤵
  PID:8696
- C:\Windows\System\zSrhyRM.exe
  C:\Windows\System\zSrhyRM.exe
  2⤵
  PID:8708
- C:\Windows\System\UDIWSBL.exe
  C:\Windows\System\UDIWSBL.exe
  2⤵
  PID:8772
- C:\Windows\System\jVuHlNU.exe
  C:\Windows\System\jVuHlNU.exe
  2⤵
  PID:8836
- C:\Windows\System\AZfOeah.exe
  C:\Windows\System\AZfOeah.exe
  2⤵
  PID:8824
- C:\Windows\System\UpLOQCE.exe
  C:\Windows\System\UpLOQCE.exe
  2⤵
  PID:8888
- C:\Windows\System\hndbfor.exe
  C:\Windows\System\hndbfor.exe
  2⤵
  PID:8952
- C:\Windows\System\LDCfuYc.exe
  C:\Windows\System\LDCfuYc.exe
  2⤵
  PID:9016
- C:\Windows\System\RjzLGLt.exe
  C:\Windows\System\RjzLGLt.exe
  2⤵
  PID:8868
- C:\Windows\System\MMiEShd.exe
  C:\Windows\System\MMiEShd.exe
  2⤵
  PID:9112
- C:\Windows\System\fpESGpA.exe
  C:\Windows\System\fpESGpA.exe
  2⤵
  PID:9204
- C:\Windows\System\IUHPPGL.exe
  C:\Windows\System\IUHPPGL.exe
  2⤵
  PID:7924
- C:\Windows\System\cCDNcgo.exe
  C:\Windows\System\cCDNcgo.exe
  2⤵
  PID:8428
- C:\Windows\System\bqHFUYc.exe
  C:\Windows\System\bqHFUYc.exe
  2⤵
  PID:8932
- C:\Windows\System\CdRMCNz.exe
  C:\Windows\System\CdRMCNz.exe
  2⤵
  PID:8524
- C:\Windows\System\NQIDRZt.exe
  C:\Windows\System\NQIDRZt.exe
  2⤵
  PID:7344
- C:\Windows\System\lJfvIxs.exe
  C:\Windows\System\lJfvIxs.exe
  2⤵
  PID:8936
- C:\Windows\System\tMeUZnp.exe
  C:\Windows\System\tMeUZnp.exe
  2⤵
  PID:8820
- C:\Windows\System\rhsnQKn.exe
  C:\Windows\System\rhsnQKn.exe
  2⤵
  PID:8968
- C:\Windows\System\XAaJpov.exe
  C:\Windows\System\XAaJpov.exe
  2⤵
  PID:8216
- C:\Windows\System\PdTjFKF.exe
  C:\Windows\System\PdTjFKF.exe
  2⤵
  PID:8392
- C:\Windows\System\dUnGBSd.exe
  C:\Windows\System\dUnGBSd.exe
  2⤵
  PID:9032
- C:\Windows\System\ZmmfSqH.exe
  C:\Windows\System\ZmmfSqH.exe
  2⤵
  PID:9092
- C:\Windows\System\msnpKLA.exe
  C:\Windows\System\msnpKLA.exe
  2⤵
  PID:9156
- C:\Windows\System\JIYdNVn.exe
  C:\Windows\System\JIYdNVn.exe
  2⤵
  PID:8076
- C:\Windows\System\igkNdIH.exe
  C:\Windows\System\igkNdIH.exe
  2⤵
  PID:8656
- C:\Windows\System\WbASQAD.exe
  C:\Windows\System\WbASQAD.exe
  2⤵
  PID:8460
- C:\Windows\System\QqQVLkJ.exe
  C:\Windows\System\QqQVLkJ.exe
  2⤵
  PID:9080
- C:\Windows\System\tIPJLjj.exe
  C:\Windows\System\tIPJLjj.exe
  2⤵
  PID:9172
- C:\Windows\System\JpPyUsa.exe
  C:\Windows\System\JpPyUsa.exe
  2⤵
  PID:8900
- C:\Windows\System\VhweFHp.exe
  C:\Windows\System\VhweFHp.exe
  2⤵
  PID:8600
- C:\Windows\System\nStkfqz.exe
  C:\Windows\System\nStkfqz.exe
  2⤵
  PID:8316
- C:\Windows\System\QFOqUQD.exe
  C:\Windows\System\QFOqUQD.exe
  2⤵
  PID:8964
- C:\Windows\System\YhIzsyF.exe
  C:\Windows\System\YhIzsyF.exe
  2⤵
  PID:8756
- C:\Windows\System\niFYYdj.exe
  C:\Windows\System\niFYYdj.exe
  2⤵
  PID:9160
- C:\Windows\System\EQFOvxz.exe
  C:\Windows\System\EQFOvxz.exe
  2⤵
  PID:8624
- C:\Windows\System\OMAYhME.exe
  C:\Windows\System\OMAYhME.exe
  2⤵
  PID:9044
- C:\Windows\System\oaKNTYc.exe
  C:\Windows\System\oaKNTYc.exe
  2⤵
  PID:8280
- C:\Windows\System\QuUQURa.exe
  C:\Windows\System\QuUQURa.exe
  2⤵
  PID:8792
- C:\Windows\System\lLPUFYb.exe
  C:\Windows\System\lLPUFYb.exe
  2⤵
  PID:8440
- C:\Windows\System\RweDQds.exe
  C:\Windows\System\RweDQds.exe
  2⤵
  PID:8680
- C:\Windows\System\GjVNFlB.exe
  C:\Windows\System\GjVNFlB.exe
  2⤵
  PID:8364
- C:\Windows\System\qFeWEJq.exe
  C:\Windows\System\qFeWEJq.exe
  2⤵
  PID:8948
- C:\Windows\System\bsjtEJA.exe
  C:\Windows\System\bsjtEJA.exe
  2⤵
  PID:9176
- C:\Windows\System\gbeFAxP.exe
  C:\Windows\System\gbeFAxP.exe
  2⤵
  PID:9064
- C:\Windows\System\TiOGmZr.exe
  C:\Windows\System\TiOGmZr.exe
  2⤵
  PID:9096
- C:\Windows\System\NFSQwqq.exe
  C:\Windows\System\NFSQwqq.exe
  2⤵
  PID:8760
- C:\Windows\System\TCCDrvq.exe
  C:\Windows\System\TCCDrvq.exe
  2⤵
  PID:9232
- C:\Windows\System\JlPyuEu.exe
  C:\Windows\System\JlPyuEu.exe
  2⤵
  PID:9248
- C:\Windows\System\fsmkOYE.exe
  C:\Windows\System\fsmkOYE.exe
  2⤵
  PID:9264
- C:\Windows\System\agIlUGj.exe
  C:\Windows\System\agIlUGj.exe
  2⤵
  PID:9280
- C:\Windows\System\UrfqEEj.exe
  C:\Windows\System\UrfqEEj.exe
  2⤵
  PID:9296
- C:\Windows\System\QyfcdsO.exe
  C:\Windows\System\QyfcdsO.exe
  2⤵
  PID:9312
- C:\Windows\System\cTSuRiY.exe
  C:\Windows\System\cTSuRiY.exe
  2⤵
  PID:9332
- C:\Windows\System\MgHIMrU.exe
  C:\Windows\System\MgHIMrU.exe
  2⤵
  PID:9364
- C:\Windows\System\iwBVIrw.exe
  C:\Windows\System\iwBVIrw.exe
  2⤵
  PID:9380
- C:\Windows\System\MdYyvnC.exe
  C:\Windows\System\MdYyvnC.exe
  2⤵
  PID:9396
- C:\Windows\System\mTcmMPv.exe
  C:\Windows\System\mTcmMPv.exe
  2⤵
  PID:9416
- C:\Windows\System\LGFxtgj.exe
  C:\Windows\System\LGFxtgj.exe
  2⤵
  PID:9432
- C:\Windows\System\MWyPROc.exe
  C:\Windows\System\MWyPROc.exe
  2⤵
  PID:9448
- C:\Windows\System\UyBuAmO.exe
  C:\Windows\System\UyBuAmO.exe
  2⤵
  PID:9464
- C:\Windows\System\AAppSRD.exe
  C:\Windows\System\AAppSRD.exe
  2⤵
  PID:9520
- C:\Windows\System\YaIYAJe.exe
  C:\Windows\System\YaIYAJe.exe
  2⤵
  PID:9616
- C:\Windows\System\awwMyIH.exe
  C:\Windows\System\awwMyIH.exe
  2⤵
  PID:9636
- C:\Windows\System\UAlHdXk.exe
  C:\Windows\System\UAlHdXk.exe
  2⤵
  PID:10124
- C:\Windows\System\PHLgmuF.exe
  C:\Windows\System\PHLgmuF.exe
  2⤵
  PID:10160
- C:\Windows\System\gZpVQwt.exe
  C:\Windows\System\gZpVQwt.exe
  2⤵
  PID:10192
- C:\Windows\System\pKEKcbd.exe
  C:\Windows\System\pKEKcbd.exe
  2⤵
  PID:10220
- C:\Windows\System\PZxdqqF.exe
  C:\Windows\System\PZxdqqF.exe
  2⤵
  PID:9224
- C:\Windows\System\JZwNywp.exe
  C:\Windows\System\JZwNywp.exe
  2⤵
  PID:9240
- C:\Windows\System\GfzFKZb.exe
  C:\Windows\System\GfzFKZb.exe
  2⤵
  PID:9272
- C:\Windows\System\aKscTZB.exe
  C:\Windows\System\aKscTZB.exe
  2⤵
  PID:9308
- C:\Windows\System\LJzhQAp.exe
  C:\Windows\System\LJzhQAp.exe
  2⤵
  PID:9392
- C:\Windows\System\zaAnGHM.exe
  C:\Windows\System\zaAnGHM.exe
  2⤵
  PID:9424
- C:\Windows\System\QDMHakJ.exe
  C:\Windows\System\QDMHakJ.exe
  2⤵
  PID:9500
- C:\Windows\System\cIoxJzB.exe
  C:\Windows\System\cIoxJzB.exe
  2⤵
  PID:9576
- C:\Windows\System\EAUQHux.exe
  C:\Windows\System\EAUQHux.exe
  2⤵
  PID:9572
- C:\Windows\System\kmyTPzO.exe
  C:\Windows\System\kmyTPzO.exe
  2⤵
  PID:9596
- C:\Windows\System\nvPcGRC.exe
  C:\Windows\System\nvPcGRC.exe
  2⤵
  PID:9628
- C:\Windows\System\zRyXNLe.exe
  C:\Windows\System\zRyXNLe.exe
  2⤵
  PID:9652
- C:\Windows\System\vdCeucX.exe
  C:\Windows\System\vdCeucX.exe
  2⤵
  PID:9660
- C:\Windows\System\ekzoVXB.exe
  C:\Windows\System\ekzoVXB.exe
  2⤵
  PID:9680
- C:\Windows\System\Zhjrjjm.exe
  C:\Windows\System\Zhjrjjm.exe
  2⤵
  PID:9696
- C:\Windows\System\XIzbkJY.exe
  C:\Windows\System\XIzbkJY.exe
  2⤵
  PID:9716
- C:\Windows\System\ydFdkLz.exe
  C:\Windows\System\ydFdkLz.exe
  2⤵
  PID:9736
- C:\Windows\System\bxxBkiu.exe
  C:\Windows\System\bxxBkiu.exe
  2⤵
  PID:9808
- C:\Windows\System\wuyomwp.exe
  C:\Windows\System\wuyomwp.exe
  2⤵
  PID:9828
- C:\Windows\System\PNSSCBN.exe
  C:\Windows\System\PNSSCBN.exe
  2⤵
  PID:9840
- C:\Windows\System\LsMMQkh.exe
  C:\Windows\System\LsMMQkh.exe
  2⤵
  PID:9856
- C:\Windows\System\VjukvTt.exe
  C:\Windows\System\VjukvTt.exe
  2⤵
  PID:9876
- C:\Windows\System\caiDgEI.exe
  C:\Windows\System\caiDgEI.exe
  2⤵
  PID:9904
- C:\Windows\System\uHvOyOk.exe
  C:\Windows\System\uHvOyOk.exe
  2⤵
  PID:9920
- C:\Windows\System\xntsZCd.exe
  C:\Windows\System\xntsZCd.exe
  2⤵
  PID:10024
- C:\Windows\System\NdeiqcG.exe
  C:\Windows\System\NdeiqcG.exe
  2⤵
  PID:10012
- C:\Windows\System\bakIZrB.exe
  C:\Windows\System\bakIZrB.exe
  2⤵
  PID:10032
- C:\Windows\System\DomivPQ.exe
  C:\Windows\System\DomivPQ.exe
  2⤵
  PID:10052
- C:\Windows\System\SPCfWWN.exe
  C:\Windows\System\SPCfWWN.exe
  2⤵
  PID:10076
- C:\Windows\System\TRkXlrC.exe
  C:\Windows\System\TRkXlrC.exe
  2⤵
  PID:10092
- C:\Windows\System\tuQIxeR.exe
  C:\Windows\System\tuQIxeR.exe
  2⤵
  PID:10136
- C:\Windows\System\fixcwAX.exe
  C:\Windows\System\fixcwAX.exe
  2⤵
  PID:10156
- C:\Windows\System\nCJItDf.exe
  C:\Windows\System\nCJItDf.exe
  2⤵
  PID:10200
- C:\Windows\System\heEKWfS.exe
  C:\Windows\System\heEKWfS.exe
  2⤵
  PID:10228
- C:\Windows\System\AZBOama.exe
  C:\Windows\System\AZBOama.exe
  2⤵
  PID:9624
- C:\Windows\System\QqNvriu.exe
  C:\Windows\System\QqNvriu.exe
  2⤵
  PID:8300
- C:\Windows\System\UTPgQIT.exe
  C:\Windows\System\UTPgQIT.exe
  2⤵
  PID:9348
- C:\Windows\System\RCBfntm.exe
  C:\Windows\System\RCBfntm.exe
  2⤵
  PID:9372
- C:\Windows\System\LPrBxSB.exe
  C:\Windows\System\LPrBxSB.exe
  2⤵
  PID:9444
- C:\Windows\System\WvyUChj.exe
  C:\Windows\System\WvyUChj.exe
  2⤵
  PID:9508
- C:\Windows\System\wNPfQAC.exe
  C:\Windows\System\wNPfQAC.exe
  2⤵
  PID:9532
- C:\Windows\System\eUbskrJ.exe
  C:\Windows\System\eUbskrJ.exe
  2⤵
  PID:9552
- C:\Windows\System\bcmLywM.exe
  C:\Windows\System\bcmLywM.exe
  2⤵
  PID:9544
- C:\Windows\System\nRbXyFK.exe
  C:\Windows\System\nRbXyFK.exe
  2⤵
  PID:9496
- C:\Windows\System\ZIGGIzu.exe
  C:\Windows\System\ZIGGIzu.exe
  2⤵
  PID:9608
- C:\Windows\System\zerSOst.exe
  C:\Windows\System\zerSOst.exe
  2⤵
  PID:9692
- C:\Windows\System\OSSpqKW.exe
  C:\Windows\System\OSSpqKW.exe
  2⤵
  PID:9780
- C:\Windows\System\YYdDJzf.exe
  C:\Windows\System\YYdDJzf.exe
  2⤵
  PID:9756
- C:\Windows\System\dRobjTY.exe
  C:\Windows\System\dRobjTY.exe
  2⤵
  PID:9772
- C:\Windows\System\SfZwQDT.exe
  C:\Windows\System\SfZwQDT.exe
  2⤵
  PID:9728
- C:\Windows\System\WXujwJJ.exe
  C:\Windows\System\WXujwJJ.exe
  2⤵
  PID:9824
- C:\Windows\System\GUZhVyO.exe
  C:\Windows\System\GUZhVyO.exe
  2⤵
  PID:9888
- C:\Windows\System\PKhkUof.exe
  C:\Windows\System\PKhkUof.exe
  2⤵
  PID:9880
- C:\Windows\System\iAglUQb.exe
  C:\Windows\System\iAglUQb.exe
  2⤵
  PID:9900
- C:\Windows\System\dFPYyNp.exe
  C:\Windows\System\dFPYyNp.exe
  2⤵
  PID:9940
- C:\Windows\System\dNYiETM.exe
  C:\Windows\System\dNYiETM.exe
  2⤵
  PID:9944
- C:\Windows\System\pRYIbGF.exe
  C:\Windows\System\pRYIbGF.exe
  2⤵
  PID:9440
- C:\Windows\System\KqfKcTE.exe
  C:\Windows\System\KqfKcTE.exe
  2⤵
  PID:9984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ALaZhrb.exe

Filesize
6.0MB

MD5
9c4ab31b30b4d06204b033c75619e326

SHA1
4fac119820e7b867084af6b996297736111fe6df

SHA256
aa951f18e2820c0d634d9c61348fac79a48e211bf89211dbdc7fb958d6e107cc

SHA512
33bf87487fe2fff4a517b91ebfc3bc556eafac475fc96ccaf1cdd9879e14b4db08303c49a7ec9c0b106c48387be941ef5fe393af8af86bc4ec30eb9c283844f6

Download Submit
C:\Windows\system\BuUZyWE.exe

Filesize
6.0MB

MD5
f19df6539f640907bc5b0cfef2ca2c78

SHA1
f98e5a56dc6cc3f38b9e6c3dc9d566e7ac92e035

SHA256
bbf3b1bbb19e0c4f06c0f1c1fac2e22b825290e9ce3610d6ff2d4b828dc92c53

SHA512
0648d5e53a69e3a7f209673d51db05ec8009693da0dad6987077f7eb9f0c2bcd1fcf75f94b3a7e75f16a70c71f53ae8e08b735281bb5ac0087c508c69d823b2c

Download Submit
C:\Windows\system\DXQjKCw.exe

Filesize
6.0MB

MD5
9fd2220b7efb99abb5db3fb968c95e3d

SHA1
a6fad1f15b50b979f70ace5ea23ebd6a0325993a

SHA256
40dd5548b8615668074a37c81e15f720ad28530d2854e63c5056a3c8f1a976b1

SHA512
6d8c060f582593fb311df898e5b4eabd63b72f545df58982042e8e74109c793de81da3fa86b0839cdb6664f678ac8d30c12ba18c29cabe37d9605097bd6a5a95

Download Submit
C:\Windows\system\LLebJqe.exe

Filesize
6.0MB

MD5
95a5563259de0db8b1618af9a8ac416d

SHA1
e8f727fd4f4015edbef81a89485851280ccb6e35

SHA256
a10488379cdbb312c1e92fca49e31ebbea18e967201bdd77c413f74a3b4f494a

SHA512
bbd5ca930d45569bff587d51085f68fa1e9f15c634629b026c02752ddf5dd6d6b41e336e4566d51b572c6d998ce1b64477ba591b52ba4d737c179195b1a9fa53

Download Submit
C:\Windows\system\MMnEWmD.exe

Filesize
6.0MB

MD5
533aa068be87d9cadad8b42d196d1d1a

SHA1
e5969e3c3578bc52d0e7afe5e5e579f7a5255d21

SHA256
fb2217ec6847cf1a3bf2622d225fffab5bcb4f29b4b31fac6acaca38d3d93ff1

SHA512
917e82f75d400eb9906065d7c598121aecd1bf467fad1325f4cc6b0e05a24755e416dc0c95958406821e3d3043a59933c99d14dded09c3e9a10c8f2785f2c252

Download Submit
C:\Windows\system\PCHLaDJ.exe

Filesize
6.0MB

MD5
99b35611b52f8b2d1bdd36a98f32c101

SHA1
2a75110fe725ad5d442319708f3769f28bbb9215

SHA256
54ac00f48a940426907bb6172ddcc6d32ce4079562726657834d2e7c542d4821

SHA512
0c7dad2f9620da6aee86d75b831676589f203589fb2e52ceb84de8582912ccd7b04792842c166c00a7579dd6ee2918bb095997498e1a9657f3af06fce1247f10

Download Submit
C:\Windows\system\QCmUWkO.exe

Filesize
6.0MB

MD5
8793583bd2019fff95e4345586cb1525

SHA1
1bd1ceb4b8957909979cf27104ae66feb348fd57

SHA256
095273ba84ba5f3e87f81ec40845e91be8c078f2e8409110cb198a29bb976dd6

SHA512
405cb2f657de097c52bea455fff5510f6ef7cf59f27d215b89e0d6bee380406c2060c2f89c2cf4595395785ac8148e1f22cacb70370d459d2d23c1c7fe6bdd2b

Download Submit
C:\Windows\system\TjFNrYy.exe

Filesize
6.0MB

MD5
ffdd192e9115bea9d6f69b350c48a410

SHA1
64fee20a57e4abb0158d11c1c439918f75b5a4ce

SHA256
2f5564ac8c284be90b97fe137c9796a5a4b9c61738155474ca9de3564d998277

SHA512
77298f1754d11a502fd855a14a89ac95695eb5ef972979818164749ab324d1a51057f381d578309b67a761ccb7b284e2481a54998d3ef91ca4fe87ef76b5f17f

Download Submit
C:\Windows\system\XjvQTtc.exe

Filesize
6.0MB

MD5
cdf2d113466c7e2ee5d148206d974222

SHA1
b787f140e7856906ceca929f2ea83818fdfe96ce

SHA256
ae5765537ac5a6985d321602232653963d10dc7f59de1cf3ff524d44fb348bce

SHA512
891bc4e55a7b6e3b83fdf24c280f699c83a943247a4751ba0bcb34da4e34bcef50f24f4d2d9d82996ddf1d777a3dd127695967a001bedec1b2934088118150bb

Download Submit
C:\Windows\system\bEqrSZU.exe

Filesize
6.0MB

MD5
fa4b498844b2a3361b10deac7bde812e

SHA1
c668ea02e0bc1bf587b7aba205ae80058564eb03

SHA256
1f292074b47187794fea9620056bc69a6d0e73bbe4a0a633bcefe3c1283169af

SHA512
b786b01b5bbdd914b7da2b1dc4d1f42977101f247ad81587522dfef6af5f769e40c719487112cc4d558df64fbb9f5fda28de6c1d518b8b540f301073b2e801c3

Download Submit
C:\Windows\system\cIkDhrZ.exe

Filesize
6.0MB

MD5
1611b9cac6e9884724e42251b9914fd2

SHA1
356208a13abdd25cbd4ddef78a4ee85ead86dedd

SHA256
7e02543445662036446008de6a5318ff0008a6d3cf6278ab3916eb8c4f6929e3

SHA512
846bfe538fc3db951847584090de1552af4513412c18f35d24c873a1e8ebb71f67846981042772f82b943b6260e1459d33d07f103d11e2455b02c2501e660cde

Download Submit
C:\Windows\system\czXonEX.exe

Filesize
6.0MB

MD5
85b1357ec660ce46651c93aaa619e538

SHA1
1e7c6b1d4a4efd54abd581d24038634979f58671

SHA256
2d6c891ee36c62ae0095d70f9c565a7c400c146a44d23eb6578c8504dc3f74c3

SHA512
c880dba0fa6c9ac7115dec7bf420b7b6f7ddd8c61b56917fc19510db4d6188b122a0b48280b87a3f6c371070885f39a29bc44b9ed02b4f1b5b79eaa3b287897b

Download Submit
C:\Windows\system\eFzUFDY.exe

Filesize
6.0MB

MD5
ff9da0b45b60fe6216ea2bcdeb3d72d6

SHA1
63938c92a088f3fef81bc0ee2cc46f5f764685b6

SHA256
76a14badf0e3125b1ab436c9c7a7339ff52861bcbc7f6f785ec2591785c4f488

SHA512
540aa64c5a9b915867c98fb2b1eaf6f1b52f6d6c305f7789572be50bd4ed177747966c5847f60261dff9b24773fee39967d843a39d477bdc80f753f74ffd91a3

Download Submit
C:\Windows\system\gloerFk.exe

Filesize
6.0MB

MD5
af6cbd97ba96b4bf523184ce866360f7

SHA1
d66c4447c801f26df9e460b187a565bc7e364395

SHA256
6a5286a92ccdc2f0fa0322ff745b63e04e3068a07ce8bb1cb2afc6a92f65d004

SHA512
c4a988e0df9380dba4e0d1063a6ee5c1fa5859107711915f8d5e55e76b4c3ff72b9e703e60e88c525f6713e1c33cadffa128ba0ce51f82cdf14207f71575794f

Download Submit
C:\Windows\system\hNyhaVL.exe

Filesize
6.0MB

MD5
ac14b0a2d67891a5d9d73d30befa2216

SHA1
24d8e900a4c1755605357855d5173df64858deca

SHA256
03d0e64d3b4c425bd1d269c1be5edaf60098e24b3e22d58b31b50314c7611e8f

SHA512
e756896f2d38661151b3b1d92ffce37cab7a2df4e7cf1a4b36affabcf074d829d11c70f89257b924f7591a37441de6d4d0afdeee8b37ef8da45d23f1ee1cf543

Download Submit
C:\Windows\system\iLOVCGX.exe

Filesize
6.0MB

MD5
6699ea162591ad0a91acf6f108c7b490

SHA1
1811d610801382dfdfa4459b92057ce9818137ae

SHA256
345a0cd4b8693b50aa298beadf9517c5e1d7b640022c3f4ddd834e7c0fcaec55

SHA512
b9ac8dd1862dea618e32b5a39ad53274385b7456866cadbb1b409a4e9e065db3400f1770e73c0cdcaffa181dd0cac7bc9fb6e9a9e6391d4391f9fb5d7aeb41ce

Download Submit
C:\Windows\system\jSNyArj.exe

Filesize
6.0MB

MD5
a2e70a1e484d454042a3cdc430e5c8a2

SHA1
72e6c3a9e8f9c1e8217f7841571cf77a1fae9b7f

SHA256
d6ef28c8b3c886bcc9a260084cb7b5cd05b713722860968628fee28c4a70b13c

SHA512
46e784f82ae11e3d640903166bad3e0774ab4448ff0b508db784ade4d9665f7854542168b0b9e71088c88aad92d9bfd55b10efa14f4843eddbc0f848d2e4f505

Download Submit
C:\Windows\system\mIaEQrk.exe

Filesize
6.0MB

MD5
f0b25aa56e3b01aad8d6ee3184a4f238

SHA1
d2ec000a0a51d3af18359ab6d21ffab352e0ad90

SHA256
b7982016a7da23885ab60b7206fa705e778130a7ff8d346c11154e2dc8a1fec9

SHA512
1d8b6d019996e05b0558ac9c74ef37228ecf270db3596499d03e9caa696daa24db97ec98f2a72c97bbc0f6f768ac44a0a4f42801a6d93163fd4d9ae344c3194f

Download Submit
C:\Windows\system\ohKVwOd.exe

Filesize
6.0MB

MD5
6579b5b8c6222a9babf8b788c8c91e2c

SHA1
74821b48e6d88de1f491d54d432005d99c08f68d

SHA256
c947b81bf8a37113a66dbd02a6785debf9e13c6c4e150940f991015bc9262e7c

SHA512
19b4941d9f9b73fd449d1184cb008be21076b3d3d6b71abe9e11fa376c82447964e9939673cbe07f662591f995f406f5ef949d125b031eb6167b02b4173ac355

Download Submit
C:\Windows\system\qinhxen.exe

Filesize
6.0MB

MD5
de8be294cb1f8a9d9d084c2739cc4c78

SHA1
fbdd6ec737bde0c179f88ccf83a9b13e4ad4b795

SHA256
6372afb4d33a883c763c38044486bff0676990149f700af9b9444deb372d8724

SHA512
b2dc98b08bc59ccb42d11855dd6c18b1f5df80dfc7ba843c828816f58d568bc6e3503224a70a2d88e2f5bacab3f769894bfac7ed67e649e52963c6b5a8e9dbb2

Download Submit
C:\Windows\system\rxcPCGN.exe

Filesize
6.0MB

MD5
a3a731f958a9e0a29f8baca93f11df63

SHA1
db823132d80002178420d6a018160876d886388b

SHA256
948abb584277dac2d235b08075401d21da12eea121826f4909de510a2dc1cbea

SHA512
6a3ee6846e5702ccc070b86c55d7bf3063714f9b79bc79b16202d41dc7a72d15ecb7baa884cad66439509393a2b450cadf1e0b6cb32b0dd02071ad5c9024120b

Download Submit
\Windows\system\FDDHLAZ.exe

Filesize
6.0MB

MD5
09dd4b4031cfb8852193a2e0b25d1ccb

SHA1
5a5468e275cffd7a50074142a6878c8cd9a1695d

SHA256
7cd31312fcd78145ec1817cefb99d686551c022356e26610784446c35ad95af6

SHA512
d5b8a3027c3495b026eb4c8967b6965f22fbc56793387cd6c09deda8f8a1d5891cb3f224c96b95aa5a4e11a517cd783f5964031978c51c8a1d17c516d6cb1e65

Download Submit
\Windows\system\JkHIWyh.exe

Filesize
6.0MB

MD5
dbcbc1240e670a749584bdc1da10d4d5

SHA1
0a814b41e731937742324179fa0d2333fd6bd37f

SHA256
d13a7ef72354a95089b352c651767d0ce7c08ffe4b9bce0c9547234f7b773dbc

SHA512
258c29a7180876a4f0518f06099e283422565fe5280b0ec3d425cdedbd28152d41b2206b7adb90463400004cd199987a2f10255397de14951284ac0ac97e64e4

Download Submit
\Windows\system\PLnxeLU.exe

Filesize
6.0MB

MD5
324dab69e5ddd390c6da3985292c4bf4

SHA1
22112295510158391e4897f43befb48f5a4d5226

SHA256
e8e85f9a75b56b10a0e0e53ce72782a790c1a518f60c7c51a72528f9a835b728

SHA512
4465487ba0b3eeca6c50c846ba4f1b24ee13024691440b93c1a1c8751fa7b1b1f35d64059c9760000c96d95b17d7ad29e2f87dbb397471632d444c0cc085d578

Download Submit
\Windows\system\UcQBsYG.exe

Filesize
6.0MB

MD5
640bb673516b8edfc82d13fb9fa87f8f

SHA1
9ed4f47d7ebae4d8a846bfb0c440de794c4f0b76

SHA256
2bb3b3ea0fdd30534ed42d45eda89d41be917666e56b8ce9a019e2ec22d0ea42

SHA512
e83680be6d4055cd3f40255299a35ca8f03b3d902fdeb362968d82674136f07e427d69dbb78f592616fcacaf5bf4de0f4aae6d88c1ba8e1d08c87ddec6875c5a

Download Submit
\Windows\system\VLsjtym.exe

Filesize
6.0MB

MD5
2bfd5ee7ae8304d111b3caddd0955d73

SHA1
07b2bb8c1b563f206cf6b3287ef470799aae2722

SHA256
c1684a31117d1b5213f143571d499c3a5affbd886f0f1360024dff69a8918955

SHA512
b99c88563c039b2cb8e8f8c0c935263aa795ca977da4de62291f249761bcb220777f38180b8a3a03fa8a9bdfc67fee5fa3d8643033c14b04edc971f06b1e0db2

Download Submit
\Windows\system\XXHuwSJ.exe

Filesize
6.0MB

MD5
7393fb27c99b409a3186e18c943ecf0d

SHA1
50b7af85f1067b0fdb0bd2024f4f1149ed822c7f

SHA256
de915f1ad6d6f94c429121181041bf165238a6dd72496e886a64fe8f9b09fbc5

SHA512
bbef36c1c447699a8db55e535ba504723b6f0ea72a99bd9cd2014ba4bbc65e9c4bc23146146e8d87d92cef61ecc6bd861568cfe4e28de2378d6ff91745946e7d

Download Submit
\Windows\system\ZNQRDXN.exe

Filesize
6.0MB

MD5
a0a8bc765c306c4dbe017174cb3e8309

SHA1
7025a32edfba7e20f09b04e85c0e9212996d0e65

SHA256
27a0eb57e785f4237cd76ec275beab6b1d496329de248a078f5a4eefee8d32dc

SHA512
08e3bfa1b5bd63659e7fdf0703d2b96b48de1ad90c941de4ca46b625df15b762c67ea28b070d0e098c54dc24b941c98ef6578458700cd5f2b0320040a12366b3

Download Submit
\Windows\system\caOPHXZ.exe

Filesize
6.0MB

MD5
a3a56fb6801c4e2189e41c463138d880

SHA1
6288ca89c9e3e9c26379968c6cce34cbe2bb7795

SHA256
060e8299e7af9bd35af9f8b34f2a2f252e4fbea14d3da534a29fbe65468e5276

SHA512
2e2b712c313c53012b7599f13454922611ae706db534344e018bf391884e5a5bd06c3a1b39a92b167a1b1552df6fc7a920e4fd71dadbd782079b7f339174467f

Download Submit
\Windows\system\eJPjJeX.exe

Filesize
6.0MB

MD5
045483ea9cb18739ed5c361401faeb80

SHA1
ae6c13714b686acf010c7bc3d52ec94d460e044b

SHA256
3478cc1e5bec78408685c4db6e4a7fb7983362655672c8c09f852540c3dac71d

SHA512
33d4fcf1f0dfbaab3b1414e72734ff54ecb6c43e2909b83e476aa5664f24cfb54ab0034c8d509794b6e28d78ebac0ad72cda2cb84a5b07b45378db5922d3ffb3

Download Submit
\Windows\system\ngKsCoU.exe

Filesize
6.0MB

MD5
7c79e6cf53daf23bdfc1317c70bb42ad

SHA1
b6e9be697ffeda536af407d6e238b97df295ece6

SHA256
ff265b028f8bfb6cad60006418c71e9df2ba1696771642daf72718b55ef63961

SHA512
3baadb98824281feea19dd2addff8a4f1e02a652fbad0b5e3981c333e9ce828e749a4e93e4b54e3816b3d6878bb4f24b2821b27e7a5b3fc6c661833d64591cb0

Download Submit
\Windows\system\oTqtQII.exe

Filesize
6.0MB

MD5
270a9e30723230d61d4c33e468c70ff2

SHA1
5465e0b014ee93896ab170b0994aca6c0621689e

SHA256
856658d19b030577f2459cf67aa6e7d2a0f55917f6914feee0a59e8a6b2548e0

SHA512
73fd6709b19768eeb38a00faaa7f1af46da8c7d656e5acaa5f475b4ce01ca2175eb6f067be06f382034b1ee74adb4fe95841f0d0ec8926cddf98d4d66abc98cf

Download Submit
memory/912-3920-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/912-690-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1004-3856-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1004-53-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1080-75-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1080-1231-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1080-3877-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1368-790-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1368-3823-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1368-61-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-69-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-3897-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1840-681-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1840-3916-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1876-10-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/1876-34-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1876-20-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/1876-6-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/1876-30-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/1876-687-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-695-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-890-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1983-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1413-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1767-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1834-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1833-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-694-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/1876-691-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1-0x0000000001B20000-0x0000000001B30000-memory.dmp

Filesize
64KB

Download
memory/1876-45-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1876-78-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1876-57-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-64-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/1876-0-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1876-23-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/1876-82-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/1876-48-0x00000000021C0000-0x0000000002514000-memory.dmp

Filesize
3.3MB

Download
memory/2108-21-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2108-55-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2108-3597-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3902-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1583-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2160-83-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2292-682-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2292-3932-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2620-52-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3820-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3599-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-63-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-28-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3520-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-46-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3501-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-41-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-12-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3601-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-36-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-73-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download